From bddf6f8e6909ea1a3a9f240ca3a7515aea4e35b4 Mon Sep 17 00:00:00 2001
From: Raghavendra Talur
Date: Mon, 4 Jul 2016 18:36:26 +0530
Subject: gfapi: update count when glfs_buf_copy is used
Backport of http://review.gluster.org/#/c/14854
glfs_buf_copy collates all iovecs into a iovec with count=1. If gio->count is not updated it will lead to dereferencing of invalid address.
Change-Id: I7c58071d5c6515ec6fee3ab36af206fa80cf37c3
BUG: 1352482
Signed-off-by: Raghavendra Talur
Signed-off-by: Poornima G
Reported-By: Lindsay Mathieson
Reported-By: Dmitry Melekhov
Reported-By: Tom Emerson
Reviewed-on: http://review.gluster.org/14859
Smoke: Gluster Build System
Reviewed-by: Prashanth Pai
NetBSD-regression: NetBSD Build System
CentOS-regression: Gluster Build System
---
 api/src/glfs-fops.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'api')
diff --git a/api/src/glfs-fops.c b/api/src/glfs-fops.c
index 13815f7237b..77c8d24c63e 100644
--- a/api/src/glfs-fops.c
+++ b/api/src/glfs-fops.c
@@ -1155,12 +1155,13 @@ pub_glfs_pwritev_async (struct glfs_fd *glfd, const struct iovec *iovec,
 gio->op = GF_FOP_WRITE;
 gio->glfd = glfd;
- gio->count = count;
 gio->offset = offset;
 gio->flags = flags;
 gio->fn = fn;
 gio->data = data;
- gio->iov = GF_CALLOC (1, sizeof (*(gio->iov)), gf_common_mt_iovec);
+ gio->count = 1;
+ gio->iov = GF_CALLOC (gio->count, sizeof (*(gio->iov)),
+ gf_common_mt_iovec);
 if (!gio->iov) {
 errno = ENOMEM;
 goto out;
-- cgit
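Review bot: Nothing in the new code explains why `gio->count = 1;` ignores the caller's `count`, so the invariant that `gio->count` must match the number of entries allocated for `gio->iov` rests only on statement order and the commit message. A comment above the assignment would guard against the out-of-bounds iovec access returning, for example `/* glfs_buf_copy() collates the caller's iovecs into one buffer, so gio->iov has exactly one entry; do not store the caller's count here */`. The body of pub_glfs_pwritev_async continues outside this hunk, so the glfs_buf_copy call and the code that later walks `gio->iov` using `gio->count` are not visible here. It would be worth confirming that no other path in this function, or in sibling async fops, pairs a collated single-entry iov with the caller-supplied count. A regression test that submits a write with more than one iovec would pin the fix.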