RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2025-01-20 18:21:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

osd: fix theoretical use-after-free of OSDMap

Browse Source 
In practice, the map will remain pinned for a while, but this
will make coverity happy.

*** CID 1231685:  Use after free  (USE_AFTER_FREE)
/osd/OSD.cc: 6223 in OSD::handle_osd_map(MOSDMap *)()
6217
6218           if (o->test_flag(CEPH_OSDMAP_FULL))
6219            last_marked_full = e;
6220           pinned_maps.push_back(add_map(o));
6221
6222           bufferlist fbl;
>>>     CID 1231685:  Use after free  (USE_AFTER_FREE)
>>>     Calling "encode" dereferences freed pointer "o".
6223           o->encode(fbl);
6224
6225           hobject_t fulloid = get_osdmap_pobject_name(e);
6226           t.write(coll_t::META_COLL, fulloid, 0, fbl.length(), fbl);
6227           pin_map_bl(e, fbl);
6228           continue;

Signed-off-by: Sage Weil <sage@redhat.com>
This commit is contained in:
Sage Weil 2014-08-16 14:51:31 -07:00
parent 44a0e3766a
commit 0e07f7f045
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/osd/OSD.cc
View File

@ -6183,11 +6183,11 @@ void OSD::handle_osd_map(MOSDMap *m)
o->decode(bl);
if (o->test_flag(CEPH_OSDMAP_FULL))
last_marked_full = e;
pinned_maps.push_back(add_map(o));
hobject_t fulloid = get_osdmap_pobject_name(e);
t.write(coll_t::META_COLL, fulloid, 0, bl.length(), bl);
pin_map_bl(e, bl);
pinned_maps.push_back(add_map(o));
continue;
}
@ -6217,7 +6217,6 @@ void OSD::handle_osd_map(MOSDMap *m)
if (o->test_flag(CEPH_OSDMAP_FULL))
last_marked_full = e;
pinned_maps.push_back(add_map(o));
bufferlist fbl;
o->encode(fbl);
@ -6225,6 +6224,7 @@ void OSD::handle_osd_map(MOSDMap *m)
hobject_t fulloid = get_osdmap_pobject_name(e);
t.write(coll_t::META_COLL, fulloid, 0, fbl.length(), fbl);
pin_map_bl(e, fbl);
pinned_maps.push_back(add_map(o));
continue;
}