From 00c090b093c147a95bfb8fce93f08303993e1995 Mon Sep 17 00:00:00 2001 From: Xavi Hernandez Date: Fri, 20 Dec 2019 14:14:32 +0100 Subject: multiple: fix bad type cast When using inode_ctx_get() or inode_ctx_set(), a 'uint64_t *' is expected. In many cases, the value to retrieve or store is a pointer, which will be of smaller size in some architectures (for example 32-bits). In this case, directly passing the address of the pointer casted to an 'uint64_t *' is wrong and can cause memory corruption. Change-Id: Iae616da9dda528df6743fa2f65ae5cff5ad23258 Signed-off-by: Xavi Hernandez Fixes: bz#1785611 --- xlators/performance/io-cache/src/io-cache.c | 8 +++----- xlators/performance/nl-cache/src/nl-cache-helper.c | 11 ++++++++--- xlators/performance/readdir-ahead/src/readdir-ahead.c | 3 ++- 3 files changed, 13 insertions(+), 9 deletions(-) (limited to 'xlators/performance') diff --git a/xlators/performance/io-cache/src/io-cache.c b/xlators/performance/io-cache/src/io-cache.c index 821ed65bd05..c007e0a355d 100644 --- a/xlators/performance/io-cache/src/io-cache.c +++ b/xlators/performance/io-cache/src/io-cache.c @@ -381,14 +381,12 @@ ioc_forget(xlator_t *this, inode_t *inode) static int32_t ioc_invalidate(xlator_t *this, inode_t *inode) { - uint64_t ioc_addr = 0; - ioc_inode_t *ioc_inode = NULL; + uint64_t ioc_inode = 0; - inode_ctx_get(inode, this, (uint64_t *)&ioc_addr); - ioc_inode = (void *)(uintptr_t)ioc_addr; + inode_ctx_get(inode, this, &ioc_inode); if (ioc_inode) - ioc_inode_flush(ioc_inode); + ioc_inode_flush((ioc_inode_t *)(uintptr_t)ioc_inode); return 0; } diff --git a/xlators/performance/nl-cache/src/nl-cache-helper.c b/xlators/performance/nl-cache/src/nl-cache-helper.c index 4314038dcd9..03dedf8ea08 100644 --- a/xlators/performance/nl-cache/src/nl-cache-helper.c +++ b/xlators/performance/nl-cache/src/nl-cache-helper.c @@ -164,16 +164,19 @@ static int nlc_inode_ctx_set(xlator_t *this, inode_t *inode, nlc_ctx_t *nlc_ctx, nlc_pe_t *nlc_pe_p) { + uint64_t ctx1, ctx2; int ret = -1; + ctx1 = (uint64_t)(uintptr_t)nlc_ctx; + ctx2 = (uint64_t)(uintptr_t)nlc_pe_p; + /* The caller may choose to set one of the ctxs, hence check * if the ctx1/2 is non zero and then send the address. If we * blindly send the address of both the ctxs, it may reset the * ctx the caller had sent NULL(intended as leave untouched) for.*/ LOCK(&inode->lock); { - ret = __inode_ctx_set2(inode, this, nlc_ctx ? (uint64_t *)&nlc_ctx : 0, - nlc_pe_p ? (uint64_t *)&nlc_pe_p : 0); + ret = __inode_ctx_set2(inode, this, ctx1 ? &ctx1 : 0, ctx2 ? &ctx2 : 0); } UNLOCK(&inode->lock); return ret; @@ -285,6 +288,7 @@ out: static nlc_ctx_t * nlc_inode_ctx_get_set(xlator_t *this, inode_t *inode, nlc_ctx_t **nlc_ctx_p) { + uint64_t ctx; int ret = 0; nlc_ctx_t *nlc_ctx = NULL; nlc_conf_t *conf = NULL; @@ -315,7 +319,8 @@ nlc_inode_ctx_get_set(xlator_t *this, inode_t *inode, nlc_ctx_t **nlc_ctx_p) goto unlock; } - ret = __inode_ctx_set2(inode, this, (uint64_t *)&nlc_ctx, NULL); + ctx = (uint64_t)(uintptr_t)nlc_ctx; + ret = __inode_ctx_set2(inode, this, &ctx, NULL); if (ret) { gf_msg(this->name, GF_LOG_ERROR, ENOMEM, NLC_MSG_NO_MEMORY, "inode ctx set failed"); diff --git a/xlators/performance/readdir-ahead/src/readdir-ahead.c b/xlators/performance/readdir-ahead/src/readdir-ahead.c index 933941d8a92..4ba7ee7077a 100644 --- a/xlators/performance/readdir-ahead/src/readdir-ahead.c +++ b/xlators/performance/readdir-ahead/src/readdir-ahead.c @@ -98,7 +98,8 @@ __rda_inode_ctx_get(inode_t *inode, xlator_t *this) GF_ATOMIC_INIT(ctx_p->generation, 0); - ret = __inode_ctx_set1(inode, this, (uint64_t *)&ctx_p); + ctx_uint = (uint64_t)(uintptr_t)ctx_p; + ret = __inode_ctx_set1(inode, this, &ctx_uint); if (ret < 0) { GF_FREE(ctx_p); return NULL; -- cgit