Branch: refs/heads/master
Home: https://github.com/mailru/tarantool
Commit: af0a635a4736c0ddcd3f95d65d9346385061ef89
https://github.com/mailru/tarantool/commit/af0a635a4736c0ddcd3f95d65d9346385061ef89
Author: Konstantin Osipov <[email protected]>
Date: 2012-10-18 (Thu, 18 Oct 2012)
Changed paths:
M include/sio.h
M src/coio.m
M src/iobuf.m
Log Message:
-----------
A fix for an ugly bug with memory corruption in the new output buffer.
coio_writev() could modify the passed parameter in case of a
partial write.
It would corrupt struct obuf, which would pass to coio_writev()
a pointer to a vector whose iov_base pointers were later reused.
The following would happen:
- iobuf_flush() would pass obuf->iov to coio_writev
- coio_writev would advance one or two iov_base pointers
- capacity value would hence become meaningless, and a subsequent
obuf_dup() would overwrite heap memory
- we would get a memory corruption in some place very distant
from where the problem originally occurred.
The fix is to preserve iovec values in coio_writev.
This is implemented by keeping a copy of the changed iovec
and restoring the original iovec value at exit from
coio_writev.
_______________________________________________
Mailing list: https://launchpad.net/~tarantool-developers
Post to : [email protected]
Unsubscribe : https://launchpad.net/~tarantool-developers
More help : https://help.launchpad.net/ListHelp
