Thread: [SSI-devel] [ ssic-linux-Bugs-2719607 ] memory leak in ipcname_gettotal() path
From: SourceForge.net <no...@so...> - 2009-03-28 20:47:36
Bugs item #2719607, was opened at 2009-03-28 16:47
Message generated for change (Tracker Item Submitted) made by rogertsang
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=405834&aid=2719607&group_id=32541

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: IPC
Group: default
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Roger Tsang (rogertsang)
Assigned to: John Hughes (hughesj)
Summary: memory leak in ipcname_gettotal() path

Initial Comment:
https://sourceforge.net/mailarchive/forum.php?thread_name=49C8C9D9.6000204%40Calva.COM&forum_name=ssic-linux-devel

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=405834&aid=2719607&group_id=32541
From: SourceForge.net <no...@so...> - 2009-03-28 20:49:38
Bugs item #2719607, was opened at 2009-03-28 16:47
Message generated for change (Comment added) made by rogertsang

Category: IPC
Group: default
Status: Open
>Resolution: Accepted
Priority: 5
Private: No
Submitted By: Roger Tsang (rogertsang)
Assigned to: John Hughes (hughesj)
Summary: memory leak in ipcname_gettotal() path

----------------------------------------------------------------------

>Comment By: Roger Tsang (rogertsang)
Date: 2009-03-28 16:49

Message:
fix attached
From: SourceForge.net <no...@so...> - 2009-04-28 13:54:09
Bugs item #2719607, was opened at 2009-03-28 16:47 Message generated for change (Comment added) made by rogertsang You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=405834&aid=2719607&group_id=32541 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: IPC Group: default Status: Open Resolution: Accepted Priority: 5 Private: No Submitted By: Roger Tsang (rogertsang) Assigned to: John Hughes (hughesj) Summary: memory leak in ipcname_gettotal() path Initial Comment: https://sourceforge.net/mailarchive/forum.php?thread_name=49C8C9D9.6000204%40Calva.COM&forum_name=ssic-linux-devel ---------------------------------------------------------------------- >Comment By: Roger Tsang (rogertsang) Date: 2009-04-28 09:54 Message: There is also a memory corruption bug in this path. When doing RPC the length of the struct node_id_pairs buffer is incorrect. --- linux.orig/cluster/ssi/ipc/namesvr_clnt.c +++ linux/cluster/ssi/ipc/namesvr_clnt.c @@ -188,7 +188,7 @@ again: { clusternode_t server_node; - int status, rval, len = 0; + int rval; extern clms_key_svc_t ipc_key_service; again: server_node = name_server_node; @@ -203,13 +203,12 @@ again: rval = ipcname_gettotal(service, *node_id_pairs, sz); } else { ssi_procstate_t pstate; + int status, count = *sz; - if (*sz > 0) - len = *sz * sizeof(struct ssi_nodeid_pair); ssi_procstate_get(&pstate); - node_id_pairs, &len, sz); + node_id_pairs, &count, sz); if (status == -EAGAIN || status == -EREMOTE) { /* Server is doing failover,dying, or isn't ready yet.*/ clms_waitfor_key_service(0); Index: linux/cluster/ssi/ipc/namesvr_svr.c =================================================================== 
@@ -88,34 +88,33 @@ ripc_ipcname_getid(clusternode_t *node, */ void - int *len, int *sz) + ssi_procstate_t *pstate, + struct ssi_nodeid_pair **node_id_pairs, int *count, + int *sz) { ssi_procstate_t save_pstate; - int count = *sz; if (ipcname_failover_flag) { *rval = -EAGAIN; return; } - *len = 0; ssi_procstate_get(&save_pstate); ssi_procstate_set(pstate); - if (count > 0) { - if (*node_id_pairs == NULL) { - *sz = 0; + if (*count > 0) { + if (!*node_id_pairs) { + *count = *sz = 0; goto done; } } *rval = ipcname_gettotal(service, *node_id_pairs, sz); - if (count > 0) { - if (count > *sz) - count = *sz; - *len = count * sizeof(**node_id_pairs); - } + if (!*rval) { + if (*count && *sz < *count) + *count = *sz; + } else + *count = 0; done: ssi_procstate_set(&save_pstate); } ---------------------------------------------------------------------- Comment By: Roger Tsang (rogertsang) Date: 2009-03-28 16:49 Message: fix attached ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=405834&aid=2719607&group_id=32541 |
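Review bot: "int status, count = *sz;" in the namesvr_clnt.c hunk at @@ -203,13 copies the caller's *sz into the RPC element count unchecked, whereas the removed code only produced a non-zero length under "if (*sz > 0)". A negative *sz now goes out as a negative vector count. Suggest clamping before the call, for example "count = *sz > 0 ? *sz : 0;". The removed "len = *sz * sizeof(struct ssi_nodeid_pair)" shows the buffer holds *sz entries, so it is also worth rejecting a reply whose count comes back larger than the value that was sent.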
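Review bot: In the namesvr_svr.c hunk at @@ -88,34, the early exit "*count = *sz = 0; goto done;" leaves *rval unassigned in the lines shown, unlike the failover path, which sets "*rval = -EAGAIN". Assign *rval explicitly on the NULL-buffer path so the client never reads a stale value. The clamp "if (*count && *sz < *count)" also accepts a negative *count, while the guard above it tests "*count > 0". Using "*count > 0" in both places, and zeroing a negative count, keeps the returned element count between 0 and the number of entries the client supplied.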
From: SourceForge.net <no...@so...> - 2009-04-28 13:56:16
Bugs item #2719607, was opened at 2009-03-28 16:47
Message generated for change (Comment added) made by rogertsang

Category: IPC
Group: default
Status: Open
Resolution: Accepted
Priority: 5
Private: No
Submitted By: Roger Tsang (rogertsang)
Assigned to: John Hughes (hughesj)
Summary: memory leak in ipcname_gettotal() path

----------------------------------------------------------------------

>Comment By: Roger Tsang (rogertsang)
Date: 2009-04-28 09:56

Message:
node_id_pairs is a vector
From: SourceForge.net <no...@so...> - 2009-10-27 03:49:01
Bugs item #2719607, was opened at 2009-03-28 16:47
Message generated for change (Comment added) made by rogertsang

Category: IPC
Group: default
Status: Open
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Roger Tsang (rogertsang)
Assigned to: John Hughes (hughesj)
Summary: memory leak in ipcname_gettotal() path

----------------------------------------------------------------------

>Comment By: Roger Tsang (rogertsang)
Date: 2009-10-26 23:49

Message:
checked-in
From: SourceForge.net <no...@so...> - 2010-03-13 19:58:13
Bugs item #2719607, was opened at 2009-03-28 16:47
Message generated for change (Settings changed) made by rogertsang

Category: IPC
Group: default
>Status: Closed
Resolution: Fixed
Priority: 5
Private: No
Submitted By: Roger Tsang (rogertsang)
Assigned to: John Hughes (hughesj)
Summary: memory leak in ipcname_gettotal() path