From ed4a754f7b6b103b23b2c3e29b8b749cd9db89f3 Mon Sep 17 00:00:00 2001
From: Raghavendra G
Date: Tue, 9 Sep 2014 11:33:14 +0530
Subject: cluster/dht: fix memory corruption in locking api.

The contents of the array are sorted in ascending order according to a comparison function pointed to by compar, which is called with two arguments that "point to the objects being compared". qsort passes "pointers to members of the array" to comparision function. Since the members of the array happen to be (dht_lock_t *), the arguments passed to dht_lock_request_cmp are of type (dht_lock_t **). Previously we assumed them to be of type (dht_lock_t *), which resulted in memory corruption.

Change-Id: Iee0758704434beaff3c3a1ad48d549cbdc9e1c96
BUG: 1139506
Signed-off-by: Raghavendra G
Reviewed-on: http://review.gluster.org/8659
Tested-by: Gluster Build System
Reviewed-by: Shyamsundar Ranganathan
Reviewed-by: Vijay Bellur
---
 xlators/cluster/dht/src/dht-helper.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xlators/cluster/dht/src/dht-helper.c b/xlators/cluster/dht/src/dht-helper.c
index 2d32f69580b..e7ae5c2b002 100644
--- a/xlators/cluster/dht/src/dht-helper.c
+++ b/xlators/cluster/dht/src/dht-helper.c
@@ -1728,8 +1728,8 @@ dht_lock_request_cmp (const void *val1, const void *val2)
 dht_lock_t *lock2 = NULL;
 int ret = 0;

- lock1 = (dht_lock_t *)val1;
- lock2 = (dht_lock_t *)val2;
+ lock1 = *(dht_lock_t **)val1;
+ lock2 = *(dht_lock_t **)val2;

 GF_VALIDATE_OR_GOTO ("dht-locks", lock1, out);
 GF_VALIDATE_OR_GOTO ("dht-locks", lock2, out);
--
cgit
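Review bot: The two new assignments, `lock1 = *(dht_lock_t **)val1;` and `lock2 = *(dht_lock_t **)val2;`, cast away the `const` on qsort's arguments and carry no comment saying why a double indirection is needed, which is the exact detail the previous code got wrong. Writing them as `lock1 = *(dht_lock_t * const *)val1;` and `lock2 = *(dht_lock_t * const *)val2;` keeps the slot pointer read-only, and a one-line comment such as `/* qsort passes pointers to array slots; each slot holds a dht_lock_t * */` stops a later cleanup from reverting to the single cast, since the `void *` parameters hide this mismatch from the compiler. Separately, `ret` starts at 0 and both `GF_VALIDATE_OR_GOTO` checks jump to `out`, so a NULL slot presumably compares equal to every lock, which is not a consistent ordering for qsort; that depends on the `out` path, which is outside the hunk along with the start and end of `dht_lock_request_cmp`.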