From 646b31075f5447b02a1e8985d231ef697c8aa7ba Mon Sep 17 00:00:00 2001
From: Aleksei Gutikov <aleksey.gutikov@synesis.ru>
Date: Thu, 3 May 2018 19:20:40 +0300
Subject: [PATCH] librados: fix buffer overflow for aio_exec python binding

aio_exec returns ERANGE if provided buffer is not enough.

Fixes: https://tracker.ceph.com/issues/23964

Signed-off-by: Aleksei Gutikov <aleksey.gutikov@synesis.ru>
(cherry picked from commit 2ac2592e1d5548b40f7311840360968040614208)
---
 src/librados/IoCtxImpl.cc | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/librados/IoCtxImpl.cc b/src/librados/IoCtxImpl.cc
index cc8d7a27ead31..3dbc8235bbe41 100644
--- a/src/librados/IoCtxImpl.cc
+++ b/src/librados/IoCtxImpl.cc
@@ -2017,9 +2017,11 @@ void librados::IoCtxImpl::C_aio_Complete::finish(int r)
   c->cond.Signal();
 
   if (r == 0 && c->blp && c->blp->length() > 0) {
-    if (c->out_buf && !c->blp->is_provided_buffer(c->out_buf))
-      c->blp->copy(0, c->blp->length(), c->out_buf);
-    c->rval = c->blp->length();
+    if (c->out_buf && !c->blp->is_contiguous()) {
+      c->rval = -ERANGE;
+    } else {
+      c->rval = c->blp->length();
+    }
   }
 
   if (c->callback_complete ||
-- 
2.39.5