From f793118656437d955554a6ccbffd2b612533ef85 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Mon, 6 Aug 2018 12:57:27 -0500
Subject: [PATCH] osd/OSDMapMapping: do not crash if acting > pool size

Existing oversized pg_temp mappings (or some other bug) might make acting
exceed the pool size.  Avoid overrunning out buffer if that happens.

Note that the mapping won't be completely accurate in that case!

Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/osd/OSDMapMapping.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/osd/OSDMapMapping.h b/src/osd/OSDMapMapping.h
index 3f14cb8f0c7..e85e85dc6e0 100644
--- a/src/osd/OSDMapMapping.h
+++ b/src/osd/OSDMapMapping.h
@@ -230,8 +230,11 @@ private:
       int32_t *row = &table[row_size() * ps];
       row[0] = acting_primary;
       row[1] = up_primary;
-      row[2] = acting.size();
-      row[3] = up.size();
+      // these should always be <= the pool size, but just in case, avoid
+      // blowing out the array.  Note that our mapping is not completely
+      // accurate in this case--this is just to avoid crashing.
+      row[2] = std::min<int32_t>(acting.size(), size);
+      row[3] = std::min<int32_t>(up.size(), size);
       for (int i = 0; i < row[2]; ++i) {
 	row[4 + i] = acting[i];
       }