There are other instances where "iobuf_arena->page_size" is used in iobuf.c and there are about a dozen callers for iobuf_size(). There needs to be something fishy about the call in the patch you mention to trigger the overrun.

On Mon, Mar 23, 2015 at 10:59 PM, Emmanuel Dreyfus <manu@xxxxxxxxxx> wrote:
> On Mon, Mar 23, 2015 at 01:51:07PM +0100, Emmanuel Dreyfus wrote:
>> I have run out of smart ideas, and now I am going to start from older
>> master and add commits to find the offending one. Any better idea is
>> welcome.
>
> git bisect points a finger to this change:
> http://review.gluster.org/9708/
>
> In the patch I find this:
> + iov.iov_len = iobuf_size (iobuf)
>
> iobuf_size() contains:
> size = iobuf->iobuf_arena->page_size;
>
> and in iobuf_create_stdalloc_arena():
> iobuf_arena->page_size = 0x7fffffff;
>
> Am I wrong, or is that a good recipe for an overrun?
>
> --
> Emmanuel Dreyfus
> manu@xxxxxxxxxx

_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://www.gluster.org/mailman/listinfo/gluster-devel
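Review bot: the quoted line `+ iov.iov_len = iobuf_size (iobuf)` derives the iovec length from the arena rather than from the buffer. As quoted, iobuf_size() returns iobuf->iobuf_arena->page_size, and iobuf_create_stdalloc_arena() sets that field to 0x7fffffff, so for an iobuf that came from the stdalloc arena the iovec would advertise roughly 2 GiB of data behind a much smaller allocation; any readv/writev or copy driven by that iovec would read or write past the buffer. Suggest setting iov_len from the length actually requested or allocated for that iobuf, or rejecting the stdalloc case explicitly before the iovec is handed on.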
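The failure mode the quoted message describes, as an added, self-contained C illustration that is not part of the thread and not GlusterFS code: a minimal model of iobuf_arena, iobuf and iobuf_size(), with the stdalloc arena's page_size set to the quoted 0x7fffffff sentinel, showing why an iovec whose iov_len comes from iobuf_size() overruns a stdalloc-backed buffer while a pooled buffer is fine, and a checked variant that bounds iov_len by the real allocation. The field alloc_size and the helpers iobuf_get_pooled, iobuf_get_stdalloc, iobuf_put, iov_from_iobuf_size, iov_from_iobuf_checked and iov_overruns are assumptions for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/uio.h>

/*
 * Hypothetical, simplified model of the structures and calls named in the
 * thread. Field and helper names below (alloc_size, iobuf_get_*, iov_*) are
 * assumptions made for this example, not GlusterFS's own API.
 */

struct iobuf_arena {
    size_t page_size;        /* real per-buffer size for a pooled arena */
};

struct iobuf {
    struct iobuf_arena *iobuf_arena;
    void   *ptr;             /* start of the backing allocation */
    size_t  alloc_size;      /* assumed: bytes actually allocated for this buffer */
};

/* The value the thread quotes from iobuf_create_stdalloc_arena(). */
#define STDALLOC_PAGE_SIZE 0x7fffffffUL

static struct iobuf_arena pool_arena     = { .page_size = 4096 };
static struct iobuf_arena stdalloc_arena = { .page_size = STDALLOC_PAGE_SIZE };

/* Model of iobuf_size() as quoted: it reports the arena's page_size,
 * not how many bytes this particular buffer holds. */
size_t iobuf_size(const struct iobuf *iobuf)
{
    return iobuf->iobuf_arena->page_size;
}

/* Assumed allocators: a pooled buffer is exactly page_size bytes,
 * a stdalloc buffer is whatever size the caller asked for. */
struct iobuf *iobuf_get_pooled(void)
{
    struct iobuf *b = calloc(1, sizeof *b);
    if (!b) return NULL;
    b->iobuf_arena = &pool_arena;
    b->alloc_size  = pool_arena.page_size;
    b->ptr         = calloc(1, b->alloc_size);
    if (!b->ptr) { free(b); return NULL; }
    return b;
}

struct iobuf *iobuf_get_stdalloc(size_t len)
{
    struct iobuf *b = calloc(1, sizeof *b);
    if (!b) return NULL;
    b->iobuf_arena = &stdalloc_arena;
    b->alloc_size  = len;
    b->ptr         = calloc(1, len);
    if (!b->ptr) { free(b); return NULL; }
    return b;
}

void iobuf_put(struct iobuf *b)
{
    if (!b) return;
    free(b->ptr);
    free(b);
}

/* The pattern from the quoted patch line: iov_len taken from iobuf_size(). */
struct iovec iov_from_iobuf_size(const struct iobuf *iobuf)
{
    struct iovec iov;
    iov.iov_base = iobuf->ptr;
    iov.iov_len  = iobuf_size(iobuf);
    return iov;
}

/* Hardened variant: never advertise more bytes than were allocated. */
struct iovec iov_from_iobuf_checked(const struct iobuf *iobuf)
{
    struct iovec iov;
    size_t claimed = iobuf_size(iobuf);
    iov.iov_base = iobuf->ptr;
    iov.iov_len  = claimed < iobuf->alloc_size ? claimed : iobuf->alloc_size;
    return iov;
}

/* True when the iovec reaches past the allocation, i.e. any readv/writev
 * or copy driven by it would overrun the buffer. */
int iov_overruns(const struct iovec *iov, const struct iobuf *iobuf)
{
    return iov->iov_len > iobuf->alloc_size;
}

int main(void)
{
    struct iobuf *pooled = iobuf_get_pooled();
    struct iobuf *std    = iobuf_get_stdalloc(100);
    if (!pooled || !std) return 1;
    struct iovec pool_iov = iov_from_iobuf_size(pooled);
    struct iovec bad      = iov_from_iobuf_size(std);
    struct iovec good     = iov_from_iobuf_checked(std);
    printf("pooled   : iov_len=%zu alloc=%zu overrun=%d\n", pool_iov.iov_len, pooled->alloc_size, iov_overruns(&pool_iov, pooled));
    printf("stdalloc : iov_len=%zu alloc=%zu overrun=%d\n", bad.iov_len, std->alloc_size, iov_overruns(&bad, std));
    printf("checked  : iov_len=%zu alloc=%zu overrun=%d\n", good.iov_len, std->alloc_size, iov_overruns(&good, std));
    iobuf_put(pooled);
    iobuf_put(std);
    return 0;
}
```

The example never dereferences the oversized iovec; it only reports that the length exceeds the allocation, which is the check a consumer of such an iovec (or a unit test around it) would want before passing it to readv/writev.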