Re: [openib-general] [PATCH] rping: Erroneous check for minumum ping buffer size

Fri, 09 Jun 2006 00:17:39 -0700 

Pradipta Kumar Banerjee wrote:

rping didn't checked correctly for the minimum size of the ping
buffer resulting in the following error from glibc

"*** glibc detected *** free(): invalid next size (fast)"

Signed-off-by: Pradipta Kumar Banerjee <[EMAIL PROTECTED]>
---

Index: rping.c
=============================================================
--- rping.org   2006-06-09 10:57:43.000000000 +0530
+++ rping.c     2006-06-09 11:00:28.000000000 +0530
@@ -96,6 +96,12 @@ struct rping_rdma_info {
 #define RPING_BUFSIZE 64*1024
 #define RPING_SQ_DEPTH 16
+/* Default string for print data and 
+ * minimum buffer size
+ */
+#define RPING_MSG_FMT           "rdma-ping-%d: "
+#define RPING_MIN_BUFSIZE       sizeof(itoa(INT_MAX))+sizeof(RPING_MSG_FMT)
+

Tom,
Just found that 'itoa' is not a built-in library function. The sizeof is returning '4' which is not what we really want. Do we hard-code the value to 10 ( like #define RPING_MIN_BUFSIZE 10 + sizeof(RPING_MSG_FMT) )? INT_MAX is 2147483647 (10 - chars). Other options might include writing our own 'itoa'. 

Thanks,
Pradipta Kumar.


 /*
  * Control block struct.
  */
@@ -774,7 +780,7 @@ static void rping_test_client(struct rpi
                cb->state = RDMA_READ_ADV;
/* Put some ascii text in the buffer. */ 
-               cc = sprintf(cb->start_buf, "rdma-ping-%d: ", ping);
+               cc = sprintf(cb->start_buf, RPING_MSG_FMT, ping);
                for (i = cc, c = start; i < cb->size; i++) {
                        cb->start_buf[i] = c;
                        c++;
@@ -977,11 +983,11 @@ int main(int argc, char *argv[])
                        break;
                case 'S':
                        cb->size = atoi(optarg);
-                       if ((cb->size < 1) ||
+                       if ((cb->size < RPING_MIN_BUFSIZE) ||
                            (cb->size > (RPING_BUFSIZE - 1))) {
                                fprintf(stderr, "Invalid size %d "
-                                      "(valid range is 1 to %d)\n",
-                                      cb->size, RPING_BUFSIZE);
+                                      "(valid range is %d to %d)\n",
+                                      cb->size, RPING_MIN_BUFSIZE, 
RPING_BUFSIZE);
                                ret = EINVAL;
                        } else
                                DEBUG_LOG("size %d\n", (int) atoi(optarg));

_______________________________________________
openib-general mailing list
openib-general@openib.org
http://openib.org/mailman/listinfo/openib-general

To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general





_______________________________________________
openib-general mailing list
openib-general@openib.org
http://openib.org/mailman/listinfo/openib-general

To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general

Reply via email to