From: Sebastien Buisson <sebastien.buisson@bull.net>
Date: Wed, 2 Oct 2013 09:29:14 +0000 (+0200)
Subject: LU-4047 build: fix 'memory' errors
X-Git-Tag: 2.5.52~93
X-Git-Url: https://git.whamcloud.com/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F22%2F7822%2F4;p=fs%2Flustre-release.git

LU-4047 build: fix 'memory' errors

Fix 'memory corruption' defects found by Coverity version 6.6.1:
Out-of-bounds write (OVERRUN)
Overrunning array at byte offset using index.
Fix 'memory illegal accesses' defects found by Coverity version 6.6.1:
Read from pointer after free (USE_AFTER_FREE)
Dereferencing freed pointer.
Readlink used insecurely (READLINK)
buffer[sizeof(buffer)] is an off-by-one error.

Signed-off-by: Sebastien Buisson <sebastien.buisson@bull.net>
Change-Id: I91af9fae93f89275cf6d3ad97bdc37958c0d709e
Reviewed-on: http://review.whamcloud.com/7822
Reviewed-by: Dmitry Eremin <dmitry.eremin@intel.com>
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
---

diff --git a/lustre/quota/qsd_writeback.c b/lustre/quota/qsd_writeback.c
index 19f9f17..aa7e005 100644
--- a/lustre/quota/qsd_writeback.c
+++ b/lustre/quota/qsd_writeback.c
@@ -126,9 +126,7 @@ static void qsd_add_deferred(struct qsd_instance *qsd, cfs_list_t *list,
 				     "with ver:"LPU64"", tmp->qur_ver);
 			cfs_list_del_init(&tmp->qur_link);
 			qsd_upd_free(tmp);
-		}
-
-		if (upd->qur_ver < tmp->qur_ver) {
+		} else if (upd->qur_ver < tmp->qur_ver) {
 			continue;
 		} else {
 			cfs_list_add_tail(&upd->qur_link, &tmp->qur_link);
diff --git a/lustre/utils/lhsmtool_posix.c b/lustre/utils/lhsmtool_posix.c
index c283e63..0709264 100644
--- a/lustre/utils/lhsmtool_posix.c
+++ b/lustre/utils/lhsmtool_posix.c
@@ -934,7 +934,7 @@ static int ct_archive(const struct hsm_action_item *hai, const long hal_flags)
 		int		 linkno = 0;
 		char		*ptr;
 		int		 depth = 0;
-		int		 sz;
+		ssize_t		 sz;
 
 		sprintf(buf, DFID, PFID(&hai->hai_fid));
 		sprintf(src, "%s/shadow/", opt.o_hsm_root);
@@ -968,6 +968,12 @@ static int ct_archive(const struct hsm_action_item *hai, const long hal_flags)
 		}
 		/* symlink already exists ? */
 		sz = readlink(src, buf, sizeof(buf));
+		/* detect truncation */
+		if (sz == sizeof(buf)) {
+			rcf = rcf ? rcf : -E2BIG;
+			CT_ERROR(rcf, "readlink '%s' truncated", src);
+			goto fini_minor;
+		}
 		if (sz >= 0) {
 			buf[sz] = '\0';
 			if (sz == 0 || strncmp(buf, dst, sz) != 0) {