re: libceph: follow redirect replies from osds

From: Colin Ian King
Date: Fri Feb 28 2020 - 07:46:16 EST


Hi,

Static analysis with Coverity has detected a potential issue in the
following commit in function ceph_redirect_decode():

commit 205ee1187a671c3b067d7f1e974903b44036f270
Author: Ilya Dryomov <ilya.dryomov@xxxxxxxxxxx>
Date: Mon Jan 27 17:40:20 2014 +0200

libceph: follow redirect replies from osds

The issue is as follows:


3486 len = ceph_decode_32(p);

Unused value (UNUSED_VALUE)
assigned_pointer: Assigning value from len to *p here, but that stored
value is overwritten before it can be used.

3487 *p += len; /* skip osd_instructions */
3488
3489 /* skip the rest */

value_overwrite: Overwriting previous write to *p with value from
struct_end.

3490 *p = struct_end;

The *p assignment in line 3487 is effectively being overwritten by the
*p assignment in 3490. Maybe the following is correct:

len = ceph_decode_32(p);
- p += len; /* skip osd_instructions */
+ struct_end = *p + len; /* skip osd_instructions */

/* skip the rest */
*p = struct_end;
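
Review bot: the added line reassigns struct_end, which the unchanged context below it (the "skip the rest" comment and *p = struct_end) uses as the end of everything left to skip. With this change *p would stop at the end of osd_instructions, so any data encoded after that field would no longer be skipped. That is a behaviour change, not just a fix for the unused-value warning. If the goal is only to silence the warning, the advance past osd_instructions can be dropped or kept as it is, since *p is set to struct_end either way in the lines shown. The removed line is also written as "p += len", while line 3487 in the Coverity listing above reads "*p += len", so the hunk does not match the code it quotes. Separately, in the lines shown len comes straight from ceph_decode_32() and is used without being checked against struct_end, in both the original and the proposed form. A bounds check before the value is used would be worth adding if the advance is kept in any form.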

I'm not familiar with the ceph structure here, so I'm not sure what the
correct fix would be.

Colin