On Wednesday 17 April 2013 16:47:29 Fabio M. Di Nitto wrote: > On 4/17/2013 3:52 PM, José Orlando Pereira wrote: > > The large stack size in cpg_dispatch, resulting from the > > message buffer, is causing a segmentation fault in environments > > with a constrained stack size, namely, when calling into > > cpg_dispatch from Java using JNI (i.e. for > > http://github.com/jopereira/jgcs/tree/master/jgcs-corosync). > > style: char *dispatch_buf = NULL; > > if (dispatch_buf == NULL) { > .... return appropriate error .... > } > > and you will need to repeat this patch for all libraries. Please find revised patch below. Note that I have not tested other libs, as I am using just CPG. But I checked that there are no early returns that would leak. Regards, -- Jose Orlando Pereira diff --git a/lib/cfg.c b/lib/cfg.c index d594324..2a1f236 100644 --- a/lib/cfg.c +++ b/lib/cfg.c @@ -153,7 +153,7 @@ corosync_cfg_dispatch ( struct res_lib_cfg_testshutdown *res_lib_cfg_testshutdown; corosync_cfg_callbacks_t callbacks; struct qb_ipc_response_header *dispatch_data; - char dispatch_buf[IPC_DISPATCH_SIZE]; + char* dispatch_buf = NULL; error = hdb_error_to_cs (hdb_handle_get (&cfg_hdb, cfg_handle, (void *)&cfg_inst)); @@ -169,6 +169,11 @@ corosync_cfg_dispatch ( timeout = 0; } + dispatch_buf = malloc(IPC_DISPATCH_SIZE); + if (dispatch_buf == NULL) { + return CS_ERR_NO_MEMORY; + } + dispatch_data = (struct qb_ipc_response_header *)dispatch_buf; do { error = qb_to_cs_error (qb_ipcc_event_recv ( @@ -241,6 +246,7 @@ corosync_cfg_dispatch ( error_put: (void)hdb_handle_put (&cfg_hdb, cfg_handle); error_nounlock: + free(dispatch_buf); return (error); } diff --git a/lib/cmap.c b/lib/cmap.c index 8a5bed0..e4f2bd3 100644 --- a/lib/cmap.c +++ b/lib/cmap.c 
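Review bot: The out-of-memory branch added to corosync_cfg_dispatch (hunk at -169,6) returns `CS_ERR_NO_MEMORY` directly, although hdb_handle_get on cfg_handle has already succeeded in the lines shown by the previous hunk, so the matching hdb_handle_put under `error_put:` is skipped and the handle reference is leaked whenever the allocation fails. Routing the failure through the existing cleanup label keeps the get/put pair balanced: replace the return with `error = CS_ERR_NO_MEMORY;` and `goto error_put;`, which is safe because dispatch_buf is still NULL there and free(NULL) is a no-op. The same direct return is present in the malloc hunks of cmap_dispatch, cpg_dispatch, quorum_dispatch and votequorum_dispatch; in cpg.c the preceding hdb_handle_get is visible, while for the other three it lies outside the hunks and should be confirmed against the full functions. A leaked reference presumably prevents the handle from being finalized later, which matters most in exactly the low-memory situations where this path is taken.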
@@ -193,7 +193,7 @@ cs_error_t cmap_dispatch ( int cont = 1; /* always continue do loop except when set to 0 */ struct cmap_inst *cmap_inst; struct qb_ipc_response_header *dispatch_data; - char dispatch_buf[IPC_DISPATCH_SIZE]; + char* dispatch_buf = NULL; struct res_lib_cmap_notify_callback *res_lib_cmap_notify_callback; struct cmap_track_inst *cmap_track_inst; struct cmap_notify_value old_val; @@ -212,6 +212,11 @@ cs_error_t cmap_dispatch ( timeout = 0; } + dispatch_buf = malloc(IPC_DISPATCH_SIZE); + if (dispatch_buf == NULL) { + return CS_ERR_NO_MEMORY; + } + dispatch_data = (struct qb_ipc_response_header *)dispatch_buf; do { error = qb_to_cs_error(qb_ipcc_event_recv ( @@ -303,6 +308,7 @@ cs_error_t cmap_dispatch ( error_put: (void)hdb_handle_put (&cmap_handle_t_db, handle); + free(dispatch_buf); return (error); } diff --git a/lib/cpg.c b/lib/cpg.c index b96df4e..4b2c46a 100644 --- a/lib/cpg.c +++ b/lib/cpg.c @@ -346,7 +346,7 @@ cs_error_t cpg_dispatch ( struct cpg_ring_id ring_id; uint32_t totem_member_list[CPG_MEMBERS_MAX]; int32_t errno_res; - char dispatch_buf[IPC_DISPATCH_SIZE]; + char* dispatch_buf = NULL; error = hdb_error_to_cs (hdb_handle_get (&cpg_handle_t_db, handle, (void *)&cpg_inst)); if (error != CS_OK) { @@ -361,6 +361,11 @@ cs_error_t cpg_dispatch ( timeout = 0; } + dispatch_buf = malloc(IPC_DISPATCH_SIZE); + if (dispatch_buf == NULL) { + return CS_ERR_NO_MEMORY; + } + dispatch_data = (struct qb_ipc_response_header *)dispatch_buf; do { errno_res = qb_ipcc_event_recv ( @@ -504,6 +509,7 @@ cs_error_t cpg_dispatch ( error_put: hdb_handle_put (&cpg_handle_t_db, handle); + free(dispatch_buf); return (error); } diff --git a/lib/quorum.c b/lib/quorum.c index 92748da..12e2eae 100644 --- a/lib/quorum.c +++ b/lib/quorum.c 
@@ -358,7 +358,7 @@ cs_error_t quorum_dispatch ( struct quorum_inst *quorum_inst; quorum_callbacks_t callbacks; struct qb_ipc_response_header *dispatch_data; - char dispatch_buf[IPC_DISPATCH_SIZE]; + char* dispatch_buf = NULL; struct res_lib_quorum_notification *res_lib_quorum_notification; if (dispatch_types != CS_DISPATCH_ONE && @@ -383,6 +383,11 @@ cs_error_t quorum_dispatch ( timeout = 0; } + dispatch_buf = malloc(IPC_DISPATCH_SIZE); + if (dispatch_buf == NULL) { + return CS_ERR_NO_MEMORY; + } + dispatch_data = (struct qb_ipc_response_header *)dispatch_buf; do { error = qb_to_cs_error (qb_ipcc_event_recv ( @@ -459,5 +464,6 @@ cs_error_t quorum_dispatch ( error_put: (void)hdb_handle_put (&quorum_handle_t_db, handle); + free(dispatch_buf); return (error); } diff --git a/lib/votequorum.c b/lib/votequorum.c index 56ac517..79d1f16 100644 --- a/lib/votequorum.c +++ b/lib/votequorum.c @@ -437,7 +437,7 @@ cs_error_t votequorum_dispatch ( struct qb_ipc_response_header *dispatch_data; struct res_lib_votequorum_notification *res_lib_votequorum_notification; struct res_lib_votequorum_expectedvotes_notification *res_lib_votequorum_expectedvotes_notification; - char dispatch_buf[IPC_DISPATCH_SIZE]; + char* dispatch_buf = NULL; if (dispatch_types != CS_DISPATCH_ONE && dispatch_types != CS_DISPATCH_ALL && @@ -461,6 +461,11 @@ cs_error_t votequorum_dispatch ( timeout = 0; } + dispatch_buf = malloc(IPC_DISPATCH_SIZE); + if (dispatch_buf == NULL) { + return CS_ERR_NO_MEMORY; + } + dispatch_data = (struct qb_ipc_response_header *)dispatch_buf; do { error = qb_to_cs_error (qb_ipcc_event_recv ( @@ -551,6 +556,7 @@ cs_error_t votequorum_dispatch ( error_put: hdb_handle_put (&votequorum_handle_t_db, handle); + free(dispatch_buf); return (error); }