[jira] [Commented] (TS-2618) IOBufferBlock::realloc()'s bounds check is wrong
[ https://issues.apache.org/jira/browse/TS-2618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14011212#comment-14011212 ]

ASF subversion and git services commented on TS-2618:

Commit 3e35848dc793aec663d03faa56080c7d03d6fd9b in trafficserver's branch refs/heads/master from [~zwoop]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=3e35848 ]

TS-2618] IOBufferBlock::realloc()'s bounds check is wrong. Original suggestions from William Bardwell.

IOBufferBlock::realloc()'s bounds check is wrong

Key: TS-2618
URL: https://issues.apache.org/jira/browse/TS-2618
Project: Traffic Server
Issue Type: Bug
Components: Core
Reporter: William Bardwell
Assignee: William Bardwell
Fix For: 5.0.0

Presumably this never fires, but:
{code}
if (i >= (int64_t) sizeof(ioBufAllocator)) return;
{code}
looks wrong, it looks like i is an index into that array, so it should be
{code}
i >= SIZE(ioBufAllocator))
{code}
(SIZE() from ink_defs.h)

--
This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-2618) IOBufferBlock::realloc()'s bounds check is wrong
[ https://issues.apache.org/jira/browse/TS-2618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14010273#comment-14010273 ]

Bryan Call commented on TS-2618:

[~wbardwel] I don't see SIZE defined in ink_defs.h?

Key: TS-2618
Reporter: William Bardwell
Assignee: William Bardwell
Fix For: 5.1.0
[jira] [Commented] (TS-2618) IOBufferBlock::realloc()'s bounds check is wrong
[ https://issues.apache.org/jira/browse/TS-2618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14010540#comment-14010540 ]

William Bardwell commented on TS-2618:

Must have gotten moved/renamed since that was a very confusing name:
./ink_defs.h:#define SIZE(x) (sizeof(x)/sizeof((x)[0]))

Key: TS-2618
Reporter: William Bardwell
Assignee: William Bardwell
Fix For: 5.1.0
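An added example (not Traffic Server code and not from the thread) contrasting the byte-size limit in the issue description with an element-count limit of the kind the SIZE() macro computes. The `SlotAllocator` struct, the 15-entry `slot_allocators` table and all function names are hypothetical stand-ins constructed for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

struct SlotAllocator {  // hypothetical stand-in for one allocator table entry
  void *free_list;
  const char *name;
  uint32_t element_size;
};

static SlotAllocator slot_allocators[15];  // constructed table of 15 entries

// Element count that only compiles for real arrays; passing a pointer is a
// compile error, unlike the sizeof(x)/sizeof((x)[0]) macro form.
template <typename T, std::size_t N>
constexpr int64_t count_of(const T (&)[N]) { return static_cast<int64_t>(N); }

// Check in the form the issue reports: the limit is the table's size in bytes.
bool passes_byte_size_check(int64_t i) {
  return !(i >= static_cast<int64_t>(sizeof(slot_allocators)));
}

// Check against the number of elements, also rejecting negative indexes.
bool passes_element_count_check(int64_t i) {
  return i >= 0 && i < count_of(slot_allocators);
}

// Number of indexes in [count_of(table), limit) that a check still accepts,
// i.e. indexes past the end of the table that would be used to subscript it.
int64_t out_of_range_accepted(bool (*check)(int64_t), int64_t limit) {
  int64_t accepted = 0;
  for (int64_t i = count_of(slot_allocators); i < limit; ++i) {
    if (check(i)) ++accepted;
  }
  return accepted;
}

int main() {
  const int64_t limit = 2 * static_cast<int64_t>(sizeof(slot_allocators));
  std::printf("entries=%lld bytes=%zu\n",
              static_cast<long long>(count_of(slot_allocators)), sizeof(slot_allocators));
  std::printf("byte-size check accepts %lld out-of-range indexes\n",
              static_cast<long long>(out_of_range_accepted(passes_byte_size_check, limit)));
  std::printf("element-count check accepts %lld out-of-range indexes\n",
              static_cast<long long>(out_of_range_accepted(passes_element_count_check, limit)));
  return 0;
}
```

The gap grows with the element size: every index from the element count up to the byte size minus one gets through the byte-size form.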
[jira] [Commented] (TS-2618) IOBufferBlock::realloc()'s bounds check is wrong
[ https://issues.apache.org/jira/browse/TS-2618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14010547#comment-14010547 ]

Leif Hedstrom commented on TS-2618:

Ah, I think that's the countof or something now?

Key: TS-2618
Reporter: William Bardwell
Assignee: William Bardwell
Fix For: 5.1.0
[jira] [Commented] (TS-2618) IOBufferBlock::realloc()'s bounds check is wrong
[ https://issues.apache.org/jira/browse/TS-2618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14010652#comment-14010652 ]

Leif Hedstrom commented on TS-2618:

Maybe
{code}
diff --git a/iocore/eventsystem/P_IOBuffer.h b/iocore/eventsystem/P_IOBuffer.h index 20e1405..55b8add 100644 --- a/iocore/eventsystem/P_IOBuffer.h +++ b/iocore/eventsystem/P_IOBuffer.h @@ -530,10 +530,9 @@ IOBufferBlock::realloc_xmalloc(int64_t buf_size) TS_INLINE void IOBufferBlock::realloc(int64_t i) { - if (i == data-_size_index) -return; - if (i = (int64_t) sizeof(ioBufAllocator)) + if ((i == data-_size_index) || (i = (int64_t)countof(ioBufAllocator))) { return; + } ink_release_assert(i data-_size_index i != BUFFER_SIZE_NOT_ALLOCATED); void *b = ioBufAllocator[i].alloc_void();
{code}

Now, looking at this, I think this is something I really foobared way back when (32-bit -> 64-bit migration). There's really no reason for this index to be 64-bit. Should we go through and try to fix that? The issue sometimes is that we overlap sizes and indexes, such that APIs can deal with either (if I recall). It's wonky

Key: TS-2618
Reporter: William Bardwell
Assignee: William Bardwell
Fix For: 5.1.0
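Review bot: the added condition in IOBufferBlock::realloc() bounds `i` only from above, against `countof(ioBufAllocator)` (reading the test as a greater-or-equal comparison, as the issue title's "bounds check" implies; the operator characters did not survive in this copy of the hunk). Since `i` is a signed `int64_t`, a negative value passes that test and reaches `ioBufAllocator[i].alloc_void()` unless the `ink_release_assert` in between rejects it, so consider adding `i < 0` to the early-return condition. Folding both tests into one `if` also means an out-of-range index still returns silently, exactly like a no-op resize to the current index; given the remark that sizes and indexes overlap in these APIs, a caller passing a byte size where an index is expected gets no diagnostic, and an assert or log on that branch would surface it.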
[jira] [Commented] (TS-2618) IOBufferBlock::realloc()'s bounds check is wrong
[ https://issues.apache.org/jira/browse/TS-2618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14002541#comment-14002541 ]

Bryan Call commented on TS-2618:

[~wbardwel] Please try to fix in the next week for the 5.0 release, if not please move to the 5.1 release.

Key: TS-2618
Reporter: William Bardwell
Assignee: William Bardwell
Fix For: 5.0.0
[jira] [Commented] (TS-2618) IOBufferBlock::realloc()'s bounds check is wrong
[ https://issues.apache.org/jira/browse/TS-2618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13921325#comment-13921325 ]

Leif Hedstrom commented on TS-2618:

Good to see you back with patches :). Nothing has changed btw, it's still primarily commit then review, so by all means, go ahead and start committing again. I'm assigning this to you.

Key: TS-2618
Reporter: William Bardwell
Fix For: 5.0.0