From a6499d32292ca5a1418e1c785d617317226b2f53 Mon Sep 17 00:00:00 2001 From: Raghavendra G Date: Tue, 16 Sep 2014 13:55:03 -0400 Subject: cluster/dht: fix memory corruption in locking api. The contents of the array are sorted in ascending order according to a comparison function pointed to by compar, which is called with two arguments that "point to the objects being compared". qsort passes "pointers to members of the array" to comparison function. Since the members of the array happen to be (dht_lock_t *), the arguments passed to dht_lock_request_cmp are of type (dht_lock_t **). Previously we assumed them to be of type (dht_lock_t *), which resulted in memory corruption. Change-Id: Iee0758704434beaff3c3a1ad48d549cbdc9e1c96 BUG: 1142406 Signed-off-by: Raghavendra G Reviewed-on-master: http://review.gluster.org/8659 Tested-by: Gluster Build System Reviewed-by: Shyamsundar Ranganathan Reviewed-by: Vijay Bellur Reviewed-on: http://review.gluster.org/8750 --- xlators/cluster/dht/src/dht-helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'xlators/cluster') diff --git a/xlators/cluster/dht/src/dht-helper.c b/xlators/cluster/dht/src/dht-helper.c index b9715c6d1b6..c3cfc7d6066 100644 --- a/xlators/cluster/dht/src/dht-helper.c +++ b/xlators/cluster/dht/src/dht-helper.c @@ -1728,8 +1728,8 @@ dht_lock_request_cmp (const void *val1, const void *val2) dht_lock_t *lock2 = NULL; int ret = 0; - lock1 = (dht_lock_t *)val1; - lock2 = (dht_lock_t *)val2; + lock1 = *(dht_lock_t **)val1; + lock2 = *(dht_lock_t **)val2; GF_VALIDATE_OR_GOTO ("dht-locks", lock1, out); GF_VALIDATE_OR_GOTO ("dht-locks", lock2, out); -- cgit
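Review bot: the new casts in dht_lock_request_cmp, `lock1 = *(dht_lock_t **)val1;` and the matching `lock2` line, drop the `const` that the `const void *` parameters carry; `*(dht_lock_t * const *)val1` keeps the qualifier and makes it explicit that the comparator only reads the array slot. The reason for the extra level of indirection currently lives only in the commit message, so a one-line comment above the casts stating that the sorted array holds `dht_lock_t *` elements, and qsort therefore passes `dht_lock_t **`, would help keep the old form from being reintroduced. Separately, `ret` is initialised to 0 and both GF_VALIDATE_OR_GOTO checks jump to `out`; if that label returns `ret` (the label is not visible in this hunk), a NULL array element would compare equal to every other element, which does not give qsort a consistent ordering, so it is worth confirming that callers never place NULL entries in the array being sorted.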