From 66ebbb55918645928bc479c0e723f035a4c1ec11 Mon Sep 17 00:00:00 2001 From: Raghavendra G Date: Thu, 11 Sep 2014 14:23:44 +0530 Subject: cluster/dht: fix memory corruption in locking api. The contents of the array are sorted in ascending order according to a comparison function pointed to by compar, which is called with two arguments that "point to the objects being compared". qsort passes "pointers to members of the array" to comparison function. Since the members of the array happen to be (dht_lock_t *), the arguments passed to dht_lock_request_cmp are of type (dht_lock_t **). Previously we assumed them to be of type (dht_lock_t *), which resulted in memory corruption. Change-Id: Iee0758704434beaff3c3a1ad48d549cbdc9e1c96 BUG: 1140556 Signed-off-by: Raghavendra G Reviewed-on: http://review.gluster.org/8659 Tested-by: Gluster Build System Reviewed-by: Shyamsundar Ranganathan Reviewed-by: Vijay Bellur (cherry picked from commit ed4a754f7b6b103b23b2c3e29b8b749cd9db89f3) Signed-off-by: Nithya Balachandran Reviewed-on: http://review.gluster.org/8733 Reviewed-by: Niels de Vos --- xlators/cluster/dht/src/dht-helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xlators/cluster/dht/src/dht-helper.c b/xlators/cluster/dht/src/dht-helper.c index c436c8686b8..64d6f74acfd 100644 --- a/xlators/cluster/dht/src/dht-helper.c +++ b/xlators/cluster/dht/src/dht-helper.c @@ -1685,8 +1685,8 @@ dht_lock_request_cmp (const void *val1, const void *val2) dht_lock_t *lock2 = NULL; int ret = 0; - lock1 = (dht_lock_t *)val1; - lock2 = (dht_lock_t *)val2; + lock1 = *(dht_lock_t **)val1; + lock2 = *(dht_lock_t **)val2; GF_VALIDATE_OR_GOTO ("dht-locks", lock1, out); GF_VALIDATE_OR_GOTO ("dht-locks", lock2, out); -- cgit
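Review bot: The two new assignments in dht_lock_request_cmp, `lock1 = *(dht_lock_t **)val1;` and `lock2 = *(dht_lock_t **)val2;`, cast away the const qualifier of the `const void *` parameters. The comparator only reads the array slots, so `*(dht_lock_t * const *)val1` (and the same for val2) keeps const-correctness and stops later edits from writing through the pointer into the array being sorted. The function also still has no comment stating that the sorted array holds `dht_lock_t *` elements and that qsort therefore hands the comparator `dht_lock_t **`; since the commit message says that misreading is what caused the corruption, a one-line comment above these assignments would keep the contract visible to the next person who touches it.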