r2369 - trunk/varnish-cache/bin/varnishd
phk at projects.linpro.no
Wed Jan 23 10:26:03 CET 2008
Author: phk
Date: 2008-01-23 10:26:03 +0100 (Wed, 23 Jan 2008)
New Revision: 2369
Modified:
trunk/varnish-cache/bin/varnishd/cache_pool.c
Log:
Make sure WRK_Flush() always resets w->niov so WRK_Write() does not
overrun the w->iov.
Because niov is right after iov in struct worker, it is hard to predict
what the effect of hitting this bug is, but "core dump" is almost a given.
I don't think it has been likely to happen a lot however, as it would
require a full complement of HTTP headers or a very fragmented object.
Coverity Scan (CID:7)
Modified: trunk/varnish-cache/bin/varnishd/cache_pool.c
===================================================================
--- trunk/varnish-cache/bin/varnishd/cache_pool.c 2008-01-22 11:39:58 UTC (rev 2368)
+++ trunk/varnish-cache/bin/varnishd/cache_pool.c 2008-01-23 09:26:03 UTC (rev 2369)
@@ -98,11 +98,11 @@
ssize_t i;
CHECK_OBJ_NOTNULL(w, WORKER_MAGIC);
- if (*w->wfd < 0 || w->niov == 0 || w->werr)
- return (w->werr);
- i = writev(*w->wfd, w->iov, w->niov);
- if (i != w->liov)
- w->werr++;
+ if (*w->wfd >= 0 && w->niov > 0 && w->werr == 0) {
+ i = writev(*w->wfd, w->iov, w->niov);
+ if (i != w->liov)
+ w->werr++;
+ }
w->liov = 0;
w->niov = 0;
return (w->werr);
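Review bot: the invariant this fix relies on, that WRK_Flush() leaves w->liov and w->niov at 0 on every return path, is neither documented nor enforced at the two assignments after the new if block. Add a short comment there saying the reset must stay unconditional, and consider an assertion in WRK_Write() that w->niov is still below the number of elements in w->iov before it stores an entry, so that a later early return fails loudly instead of writing past the array into niov. Also note that `if (i != w->liov)` counts a short writev() the same as a failure, and the reset then discards the unsent entries; that is fine only if callers treat a nonzero werr as fatal for the connection, which the comment should state.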