From: Liu Yuan <[email protected]> rw->done is index of the original next object to be recovered and also the number of objects already recovered. So rw->done - 1 identify an already recovered object. A another caller case is that, if rw->done == 0, we'll end up with a -1 valule, which might cause seg fault in the array.
Signed-off-by: Liu Yuan <[email protected]> --- sheep/recovery.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sheep/recovery.c b/sheep/recovery.c index 59ac9d6..521d58f 100644 --- a/sheep/recovery.c +++ b/sheep/recovery.c @@ -300,8 +300,12 @@ bool oid_in_recovery(uint64_t oid) if (rw->state == RW_INIT) return true; - /* FIXME: do we need more efficient yet complex data structure? */ - for (i = rw->done - 1; i < rw->count; i++) + /* + * Check if oid is in the list that to be recovered later + * + * FIXME: do we need more efficient yet complex data structure? + */ + for (i = rw->done; i < rw->count; i++) if (rw->oids[i] == oid) break; -- 1.7.10.2 -- sheepdog mailing list [email protected] http://lists.wpkg.org/mailman/listinfo/sheepdog
