From 0925de112b6c5329ecfae0713eabaff47f3a8221 Mon Sep 17 00:00:00 2001 From: songweibin Date: Mon, 10 Dec 2018 17:27:02 +0800 Subject: [PATCH] librbd: misc fix potential invalid pointer As described in commit: 5431fba5c5c9122418b6a03df4ed89f86fbb35e3, so do they. Signed-off-by: songweibin --- src/librbd/librbd.cc | 8 ++++++++ src/test/librbd/test_librbd.cc | 1 - 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/librbd/librbd.cc b/src/librbd/librbd.cc index 03d8cbe561fb..7550f8aaa6d5 100644 --- a/src/librbd/librbd.cc +++ b/src/librbd/librbd.cc @@ -2963,6 +2963,7 @@ extern "C" int rbd_list2(rados_ioctx_t p, rbd_image_spec_t *images, TracepointProvider::initialize(get_cct(io_ctx)); tracepoint(librbd, list_enter, io_ctx.get_pool_name().c_str(), io_ctx.get_id()); + memset(images, 0, sizeof(*images) * *size); std::vector cpp_image_specs; int r = librbd::api::Image<>::list_images(io_ctx, &cpp_image_specs); if (r < 0) { @@ -3150,6 +3151,7 @@ extern "C" int rbd_trash_list(rados_ioctx_t p, rbd_trash_image_info_t *entries, TracepointProvider::initialize(get_cct(io_ctx)); tracepoint(librbd, trash_list_enter, io_ctx.get_pool_name().c_str(), io_ctx.get_id()); + memset(entries, 0, sizeof(*entries) * *num_entries); vector cpp_entries; int r = librbd::api::Trash<>::list(io_ctx, cpp_entries); @@ -4347,6 +4349,7 @@ extern "C" int rbd_lock_get_owners(rbd_image_t image, { librbd::ImageCtx *ictx = reinterpret_cast(image); tracepoint(librbd, lock_get_owners_enter, ictx); + memset(lock_owners, 0, sizeof(*lock_owners) * *max_lock_owners); std::list lock_owner_list; int r = librbd::lock_get_owners(ictx, lock_mode, &lock_owner_list); if (r >= 0) { @@ -4662,6 +4665,7 @@ extern "C" int rbd_list_children2(rbd_image_t image, auto ictx = reinterpret_cast(image); tracepoint(librbd, list_children_enter, ictx, ictx->name.c_str(), ictx->snap_name.c_str(), ictx->read_only); + memset(children, 0, sizeof(*children) * *max_children); if (!max_children) { tracepoint(librbd, list_children_exit, -EINVAL); @@ -4723,6 +4727,7 @@ extern "C" int rbd_list_children3(rbd_image_t image, auto ictx = reinterpret_cast(image); tracepoint(librbd, list_children_enter, ictx, ictx->name.c_str(), ictx->snap_name.c_str(), ictx->read_only); + memset(images, 0, sizeof(*images) * *max_images); std::vector cpp_children; int r = librbd::api::Image<>::list_children(ictx, &cpp_children); @@ -5725,6 +5730,7 @@ extern "C" int rbd_group_image_list(rados_ioctx_t group_p, tracepoint(librbd, group_image_list_enter, group_ioctx.get_pool_name().c_str(), group_ioctx.get_id(), group_name); + memset(images, 0, sizeof(*images) * *image_size); if (group_image_info_size != sizeof(rbd_group_image_info_t)) { *image_size = 0; @@ -5854,6 +5860,7 @@ extern "C" int rbd_group_snap_list(rados_ioctx_t group_p, TracepointProvider::initialize(get_cct(group_ioctx)); tracepoint(librbd, group_snap_list_enter, group_ioctx.get_pool_name().c_str(), group_ioctx.get_id(), group_name); + memset(snaps, 0, sizeof(*snaps) * *snaps_size); if (group_snap_info_size != sizeof(rbd_group_snap_info_t)) { *snaps_size = 0; @@ -6022,6 +6029,7 @@ extern "C" int rbd_watchers_list(rbd_image_t image, librbd::ImageCtx *ictx = (librbd::ImageCtx*)image; tracepoint(librbd, list_watchers_enter, ictx, ictx->name.c_str(), ictx->snap_name.c_str(), ictx->read_only); + memset(watchers, 0, sizeof(*watchers) * *max_watchers); int r = librbd::list_watchers(ictx, watcher_list); if (r < 0) { tracepoint(librbd, list_watchers_exit, r, 0); diff --git a/src/test/librbd/test_librbd.cc b/src/test/librbd/test_librbd.cc index bbc4777268c6..825d2b2e4b36 100644 --- a/src/test/librbd/test_librbd.cc +++ b/src/test/librbd/test_librbd.cc @@ -6359,7 +6359,6 @@ TEST_F(TestLibRBD, ExclusiveLock) &max_lock_owners)); ASSERT_EQ(1U, max_lock_owners); - max_lock_owners = 2; ASSERT_EQ(0, rbd_lock_get_owners(image1, &lock_mode, lock_owners, &max_lock_owners)); ASSERT_EQ(RBD_LOCK_MODE_EXCLUSIVE, lock_mode); -- 2.47.3