From: <all...@wi...> - 2004-05-07 18:58:39
Hi Jon:

I'm not sure if there is a latent bug in the msg_build() routine in msg.h. Shouldn't the message header be placed into the empty buffer using buf_copy_prepend() rather than buf_copy_append()?

My understanding is that buf_acquire() returns a buffer that has reserved space at the front of the buffer for the TIPC header (and any bearer header too). However, using buf_copy_append() to insert the message header won't take advantage of this reserved space, and could result in the ensuing buf_safe_append() operations overwriting the end of the buffer.

Can you confirm this bug? My impression from past experience is that Linux is fairly forgiving of buffer overruns of this sort, but it still seems wrong.

Regards,
Al
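An added example, not part of the original message and not TIPC's code: a small model of a buffer with reserved headroom, showing why appending the header instead of prepending it leaves too little tailroom for the payload. The struct, the function names and the sizes (64-byte buffer, 24-byte headroom) are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model; names and sizes are constructed, not taken from TIPC. */
enum { CAPACITY = 64, HEADROOM = 24 };
struct buf {
    unsigned char store[CAPACITY];
    size_t data;   /* offset of the first used byte */
    size_t tail;   /* offset one past the last used byte */
};

/* A fresh buffer starts empty with HEADROOM bytes reserved at the front. */
static void buf_init(struct buf *b)
{
    b->data = b->tail = HEADROOM;
}

/* Bounds-checked append: refuses instead of writing past the end. */
static int buf_append(struct buf *b, const void *src, size_t n)
{
    if (n > CAPACITY - b->tail)
        return -1;
    memcpy(b->store + b->tail, src, n);
    b->tail += n;
    return 0;
}

/* Bounds-checked prepend: consumes the reserved headroom. */
static int buf_prepend(struct buf *b, const void *src, size_t n)
{
    if (n > b->data)
        return -1;
    b->data -= n;
    memcpy(b->store + b->data, src, n);
    return 0;
}

/* Build header + payload; hdr_prepend selects where the header goes.
 * Returns 0 if everything fits, -1 if an unchecked copy would overrun. */
static int build_msg(int hdr_prepend, size_t hdr_len, size_t payload_len)
{
    struct buf b;
    unsigned char hdr[HEADROOM] = {0}, payload[CAPACITY] = {0};
    if (hdr_len > sizeof hdr || payload_len > sizeof payload)
        return -1;
    buf_init(&b);
    if (hdr_prepend)
        return buf_append(&b, payload, payload_len) ? -1 : buf_prepend(&b, hdr, hdr_len);
    return buf_append(&b, hdr, hdr_len) ? -1 : buf_append(&b, payload, payload_len);
}

int main(void)
{
    printf("prepend: %d, append: %d\n", build_msg(1, 24, 40), build_msg(0, 24, 40));
    return 0;
}
```

With the header appended, a payload sized to the full tailroom no longer fits; an append without the length check would write 24 bytes past the end of the buffer in this model.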