gfapi: update count when glfs_buf_copy is used

glfs_buf_copy collates all iovecs into a iovec with count=1. If
gio->count is not updated it will lead to dereferencing of invalid
address.

Change-Id: I7c58071d5c6515ec6fee3ab36af206fa80cf37c3
BUG: 1352634
Signed-off-by: Raghavendra Talur <rtalur@redhat.com>
Signed-off-by: Poornima G <pgurusid@redhat.com>
Reported-By: Lindsay Mathieson <lindsay.mathieson@gmail.com> 
Reported-By: Dmitry Melekhov <dm@belkam.com> 
Reported-By: Tom Emerson <TEmerson@cyberitas.com>
Reviewed-on: http://review.gluster.org/14854
Reviewed-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: Kaushal M <kaushal@redhat.com>
Smoke: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Niels de Vos <ndevos@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>

1 files changed, 3 insertions, 2 deletions

diff --git a/api/src/glfs-fops.c b/api/src/glfs-fops.c
index 5209ce3959a..cf809705c8a 100644
--- a/api/src/glfs-fops.c
+++ b/api/src/glfs-fops.c
@@ -1216,12 +1216,13 @@ pub_glfs_pwritev_async (struct glfs_fd *glfd, const struct iovec *iovec,
 
         gio->op     = GF_FOP_WRITE;
         gio->glfd   = glfd;
-        gio->count  = count;
         gio->offset = offset;
         gio->flags  = flags;
         gio->fn     = fn;
         gio->data   = data;
-        gio->iov = GF_CALLOC (1, sizeof (*(gio->iov)), gf_common_mt_iovec);
+        gio->count  = 1;
+        gio->iov = GF_CALLOC (gio->count, sizeof (*(gio->iov)),
+                              gf_common_mt_iovec);
         if (!gio->iov) {
                 errno = ENOMEM;
                 goto out;