On Wednesday 17 April 2013 16:47:29 Fabio M. Di Nitto wrote: > On 4/17/2013 3:52 PM, José Orlando Pereira wrote: > > The large stack size in cpg_dispatch, resulting from the > > message buffer, is causing a segmentation fault in environments > > with a constrained stack size, namely, when calling into > > cpg_dispatch from Java using JNI (i.e. for > > http://github.com/jopereira/jgcs/tree/master/jgcs-corosync). > > style: char *dispatch_buf = NULL; > > if (dispatch_buf == NULL) { > .... return appropriate error .... > } > > and you will need to repeat this patch for all libraries.
Please find revised patch below. Note that I have not tested other libs, as I am
using just CPG. But I checked that there are no early returns that would leak.
Regards,
--
Jose Orlando Pereira
diff --git a/lib/cfg.c b/lib/cfg.c
index d594324..2a1f236 100644
--- a/lib/cfg.c
+++ b/lib/cfg.c
@@ -153,7 +153,7 @@ corosync_cfg_dispatch (
struct res_lib_cfg_testshutdown *res_lib_cfg_testshutdown;
corosync_cfg_callbacks_t callbacks;
struct qb_ipc_response_header *dispatch_data;
- char dispatch_buf[IPC_DISPATCH_SIZE];
+ char* dispatch_buf = NULL;
error = hdb_error_to_cs (hdb_handle_get (&cfg_hdb, cfg_handle,
(void *)&cfg_inst));
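Review bot: The new declaration `char* dispatch_buf = NULL;` attaches the asterisk to the type, while the neighbouring declarations in this hunk (`struct qb_ipc_response_header *dispatch_data;`) attach it to the name; `char *dispatch_buf = NULL;` would match the file. The same line is added in the cmap.c, cpg.c, quorum.c and votequorum.c hunks. The NULL initialiser itself should stay, since it is what keeps the `free(dispatch_buf)` at the exit labels safe on any path that reaches them before the allocation.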
@@ -169,6 +169,11 @@ corosync_cfg_dispatch (
timeout = 0;
}
+ dispatch_buf = malloc(IPC_DISPATCH_SIZE);
+ if (dispatch_buf == NULL) {
+ return CS_ERR_NO_MEMORY;
+ }
+
dispatch_data = (struct qb_ipc_response_header *)dispatch_buf;
do {
error = qb_to_cs_error (qb_ipcc_event_recv (
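Review bot: The new `return CS_ERR_NO_MEMORY;` on allocation failure leaves corosync_cfg_dispatch without passing through `error_put`, so the reference taken by `hdb_handle_get` in the previous hunk is never released with `hdb_handle_put`. Setting the code and jumping instead, `error = CS_ERR_NO_MEMORY; goto error_put;`, keeps the handle balanced, and the `free(dispatch_buf)` added at the exit is harmless there because the pointer is still NULL. The identical block is added to cmap_dispatch, cpg_dispatch, quorum_dispatch and votequorum_dispatch; cpg.c shows its `hdb_handle_get` ahead of the allocation as well, and the other three presumably take theirs in lines outside the hunks, so they need the same change. A handle whose reference count never drops presumably cannot be fully released by a later finalize, which would turn a transient out-of-memory condition into a lasting resource leak. The function body starts and ends outside this hunk.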
@@ -241,6 +246,7 @@ corosync_cfg_dispatch (
error_put:
(void)hdb_handle_put (&cfg_hdb, cfg_handle);
error_nounlock:
+ free(dispatch_buf);
return (error);
}
diff --git a/lib/cmap.c b/lib/cmap.c
index 8a5bed0..e4f2bd3 100644
--- a/lib/cmap.c
+++ b/lib/cmap.c
@@ -193,7 +193,7 @@ cs_error_t cmap_dispatch (
int cont = 1; /* always continue do loop except when set to 0 */
struct cmap_inst *cmap_inst;
struct qb_ipc_response_header *dispatch_data;
- char dispatch_buf[IPC_DISPATCH_SIZE];
+ char* dispatch_buf = NULL;
struct res_lib_cmap_notify_callback *res_lib_cmap_notify_callback;
struct cmap_track_inst *cmap_track_inst;
struct cmap_notify_value old_val;
@@ -212,6 +212,11 @@ cs_error_t cmap_dispatch (
timeout = 0;
}
+ dispatch_buf = malloc(IPC_DISPATCH_SIZE);
+ if (dispatch_buf == NULL) {
+ return CS_ERR_NO_MEMORY;
+ }
+
dispatch_data = (struct qb_ipc_response_header *)dispatch_buf;
do {
error = qb_to_cs_error(qb_ipcc_event_recv (
@@ -303,6 +308,7 @@ cs_error_t cmap_dispatch (
error_put:
(void)hdb_handle_put (&cmap_handle_t_db, handle);
+ free(dispatch_buf);
return (error);
}
diff --git a/lib/cpg.c b/lib/cpg.c
index b96df4e..4b2c46a 100644
--- a/lib/cpg.c
+++ b/lib/cpg.c
@@ -346,7 +346,7 @@ cs_error_t cpg_dispatch (
struct cpg_ring_id ring_id;
uint32_t totem_member_list[CPG_MEMBERS_MAX];
int32_t errno_res;
- char dispatch_buf[IPC_DISPATCH_SIZE];
+ char* dispatch_buf = NULL;
error = hdb_error_to_cs (hdb_handle_get (&cpg_handle_t_db, handle,
(void *)&cpg_inst));
if (error != CS_OK) {
@@ -361,6 +361,11 @@ cs_error_t cpg_dispatch (
timeout = 0;
}
+ dispatch_buf = malloc(IPC_DISPATCH_SIZE);
+ if (dispatch_buf == NULL) {
+ return CS_ERR_NO_MEMORY;
+ }
+
dispatch_data = (struct qb_ipc_response_header *)dispatch_buf;
do {
errno_res = qb_ipcc_event_recv (
@@ -504,6 +509,7 @@ cs_error_t cpg_dispatch (
error_put:
hdb_handle_put (&cpg_handle_t_db, handle);
+ free(dispatch_buf);
return (error);
}
diff --git a/lib/quorum.c b/lib/quorum.c
index 92748da..12e2eae 100644
--- a/lib/quorum.c
+++ b/lib/quorum.c
@@ -358,7 +358,7 @@ cs_error_t quorum_dispatch (
struct quorum_inst *quorum_inst;
quorum_callbacks_t callbacks;
struct qb_ipc_response_header *dispatch_data;
- char dispatch_buf[IPC_DISPATCH_SIZE];
+ char* dispatch_buf = NULL;
struct res_lib_quorum_notification *res_lib_quorum_notification;
if (dispatch_types != CS_DISPATCH_ONE &&
@@ -383,6 +383,11 @@ cs_error_t quorum_dispatch (
timeout = 0;
}
+ dispatch_buf = malloc(IPC_DISPATCH_SIZE);
+ if (dispatch_buf == NULL) {
+ return CS_ERR_NO_MEMORY;
+ }
+
dispatch_data = (struct qb_ipc_response_header *)dispatch_buf;
do {
error = qb_to_cs_error (qb_ipcc_event_recv (
@@ -459,5 +464,6 @@ cs_error_t quorum_dispatch (
error_put:
(void)hdb_handle_put (&quorum_handle_t_db, handle);
+ free(dispatch_buf);
return (error);
}
diff --git a/lib/votequorum.c b/lib/votequorum.c
index 56ac517..79d1f16 100644
--- a/lib/votequorum.c
+++ b/lib/votequorum.c
@@ -437,7 +437,7 @@ cs_error_t votequorum_dispatch (
struct qb_ipc_response_header *dispatch_data;
struct res_lib_votequorum_notification *res_lib_votequorum_notification;
struct res_lib_votequorum_expectedvotes_notification
*res_lib_votequorum_expectedvotes_notification;
- char dispatch_buf[IPC_DISPATCH_SIZE];
+ char* dispatch_buf = NULL;
if (dispatch_types != CS_DISPATCH_ONE &&
dispatch_types != CS_DISPATCH_ALL &&
@@ -461,6 +461,11 @@ cs_error_t votequorum_dispatch (
timeout = 0;
}
+ dispatch_buf = malloc(IPC_DISPATCH_SIZE);
+ if (dispatch_buf == NULL) {
+ return CS_ERR_NO_MEMORY;
+ }
+
dispatch_data = (struct qb_ipc_response_header *)dispatch_buf;
do {
error = qb_to_cs_error (qb_ipcc_event_recv (
@@ -551,6 +556,7 @@ cs_error_t votequorum_dispatch (
error_put:
hdb_handle_put (&votequorum_handle_t_db, handle);
+ free(dispatch_buf);
return (error);
}
