summaryrefslogtreecommitdiffstats
path: root/xlators/cluster/dht
diff options
context:
space:
mode:
authorRaghavendra G <rgowdapp@redhat.com>2014-09-09 11:33:14 +0530
committerVijay Bellur <vbellur@redhat.com>2014-09-09 20:29:42 -0700
commited4a754f7b6b103b23b2c3e29b8b749cd9db89f3 (patch)
tree36bb8dfe96e0fabc926f10e9f1a485848173b036 /xlators/cluster/dht
parentb3314ea6e820fb659255d0e6e9a32ea259b7526d (diff)
cluster/dht: fix memory corruption in locking api.
<man 3 qsort> The contents of the array are sorted in ascending order according to a comparison function pointed to by compar, which is called with two arguments that "point to the objects being compared". </man 3 qsort> qsort passes "pointers to members of the array" to comparision function. Since the members of the array happen to be (dht_lock_t *), the arguments passed to dht_lock_request_cmp are of type (dht_lock_t **). Previously we assumed them to be of type (dht_lock_t *), which resulted in memory corruption. Change-Id: Iee0758704434beaff3c3a1ad48d549cbdc9e1c96 BUG: 1139506 Signed-off-by: Raghavendra G <rgowdapp@redhat.com> Reviewed-on: http://review.gluster.org/8659 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/cluster/dht')
-rw-r--r--xlators/cluster/dht/src/dht-helper.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/xlators/cluster/dht/src/dht-helper.c b/xlators/cluster/dht/src/dht-helper.c
index 2d32f69580b..e7ae5c2b002 100644
--- a/xlators/cluster/dht/src/dht-helper.c
+++ b/xlators/cluster/dht/src/dht-helper.c
@@ -1728,8 +1728,8 @@ dht_lock_request_cmp (const void *val1, const void *val2)
dht_lock_t *lock2 = NULL;
int ret = 0;
- lock1 = (dht_lock_t *)val1;
- lock2 = (dht_lock_t *)val2;
+ lock1 = *(dht_lock_t **)val1;
+ lock2 = *(dht_lock_t **)val2;
GF_VALIDATE_OR_GOTO ("dht-locks", lock1, out);
GF_VALIDATE_OR_GOTO ("dht-locks", lock2, out);