[PATCH] logproto: In case of partial writing there was a problem in the pos calculation (fixes: #24459)

Szalay Attila sasa at balabit.hu
Sat Oct 29 11:29:18 CEST 2011


If the log messages have different lengths and only a partial write
happens in log_proto_file_writer_flush, a buffer under/overflow may
possibly happen.

The problematic part is the calculation of the last written
byte of the last written message. The calculation is not just too
difficult to follow but also uses the wrong message length in it.
Because of this, a buffer under/overflow may happen, or reading of
the message may start at the wrong position, messing up the
log.
---
 lib/logproto.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/logproto.c b/lib/logproto.c
index 9ee6ec5..43f015f 100644
--- a/lib/logproto.c
+++ b/lib/logproto.c
@@ -271,7 +271,7 @@ static LogProtoStatus
 log_proto_file_writer_flush(LogProto *s)
 {
   LogProtoFileWriter *self = (LogProtoFileWriter *)s;
-  gint rc, i, i0, sum, ofs;
+  gint rc, i, i0, sum, ofs, pos;
 
   /* we might be called from log_writer_deinit() without having a buffer at all */
 
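Review bot: `pos` in the declaration line is a signed `gint` at function scope, but the patch assigns it from `self->buffer[i0].iov_len - ofs`, where `iov_len` is a `size_t`. The result is narrowed to `int`, and if `ofs` ever exceeds the length it becomes a negative offset with no diagnostic. Consider declaring it as `gsize` inside the partial-write block where it is used, so the type matches `iov_len` and the scope matches its single use.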
@@ -314,7 +314,8 @@ log_proto_file_writer_flush(LogProto *s)
       /* allocate and copy the remaning data */
       self->partial = (guchar *)g_malloc(self->partial_len);
       ofs = sum - rc; /* the length of the remaning (not processed) chunk in the first message */
-        memcpy(self->partial, self->buffer[i0].iov_base + rc - (i0 > 0 ? (sum - self->buffer[i0 - 1].iov_len) : 0), ofs);
+      pos = self->buffer[i0].iov_len - ofs;
+      memcpy(self->partial, self->buffer[i0].iov_base + pos, ofs);
       i = i0 + 1;
       while (i < self->buf_count)
         {
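Review bot: the new `pos = self->buffer[i0].iov_len - ofs;` line is not guarded by any check that `ofs` is positive and no larger than `self->buffer[i0].iov_len`, and nothing visible in this hunk shows that `self->partial_len` is at least `ofs` before the `memcpy`. Since this arithmetic is the fix for an under/overflow, an assertion on that range ahead of the copy would document the invariant and catch a regression in how `sum` and `i0` are computed. Separately, `self->buffer[i0].iov_base + pos` does arithmetic on a `void *`, which is a GNU extension; casting `iov_base` to `guchar *` first would make the expression portable. The "remaning" typo in the two context comments could be corrected while this code is being touched.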
-- 
1.7.7.1



-- 
|8]