Hi Hal,

This was reported to me by Ishai R.
Consider function umad_recv line 810:

	if ((n = read(port->dev_fd, umad, sizeof *mad + *length)) <=
	     sizeof *mad + *length) {
		DEBUG("mad received by agent %d length %d", mad->agent_id, n);
		*length = n - sizeof *mad;
		return mad->agent_id;
	}

	if (n == -EWOULDBLOCK) {
		if (!errno)
			errno = EWOULDBLOCK;
		return n;
	}

Seems that umad.c umad_recv would never go through the second "if", as if the read returns n < 0 it will be caught by the first "if".
Then I have noticed that a wrap around of the returned length is also possible.
The patch fixes these issues.

Eitan

Signed-off-by: Eitan Zahavi <[EMAIL PROTECTED]>

Index: libibumad/src/umad.c =================================================================== --- libibumad/src/umad.c (revision 8313) +++ libibumad/src/umad.c (working copy) @@ -806,10 +806,13 @@ umad_recv(int portid, void *umad, int *l return n; } - if ((n = read(port->dev_fd, umad, sizeof *mad + *length)) <= - sizeof *mad + *length) { + n = read(port->dev_fd, umad, sizeof *mad + *length); + if ((n >= 0) && (n <= sizeof *mad + *length)) { DEBUG("mad received by agent %d length %d", mad->agent_id, n); + if (n > sizeof *mad) *length = n - sizeof *mad; + else + *length = 0; return mad->agent_id; }
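
Review bot: In the new (n >= 0) branch, a short read where n is smaller than sizeof *mad (including n == 0) now sets *length = 0 and still returns mad->agent_id, so the caller gets a success result taken from a header that was not fully read; consider returning an error for n < sizeof *mad instead of folding it into the success path. The unchanged line "*length = n - sizeof *mad;" sits under the added "if (n > sizeof *mad)" without being re-indented and the if/else has no braces, which makes the new branch easy to misread. The comparison of n against sizeof *mad + *length is still signed against unsigned and is only correct because of the preceding n >= 0 test, which deserves a one-line comment.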