[stgt] [PATCH] tgtd: fix memory access overrun on array of pthread_t type data
Ryusuke Konishi
konishi.ryusuke at lab.ntt.co.jp
Thu Dec 19 10:56:29 CET 2013
bs_thread_close function accesses memory outside allocated region
because it reads each array element with an index before confirming
that the index is within the range of the array.
This fixes the issue and gets rid of the following warning detected by
valgrind:
==10848== Invalid read of size 8
==10848== at 0x42AF91: bs_thread_close (bs.c:461)
==10848== by 0x42BD94: bs_sheepdog_exit (bs_sheepdog.c:1275)
==10848== by 0x4183B7: tgt_device_destroy (target.c:739)
==10848== by 0x41608D: mtask_received (mgmt.c:251)
==10848== by 0x4164CB: mtask_recv_send_handler (mgmt.c:670)
==10848== by 0x4141F8: event_loop (tgtd.c:428)
==10848== by 0x414899: main (tgtd.c:611)
Signed-off-by: Ryusuke Konishi <konishi.ryusuke at lab.ntt.co.jp>
---
usr/bs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/bs.c b/usr/bs.c
index b0ee66f..13d3b4e 100644
--- a/usr/bs.c
+++ b/usr/bs.c
@@ -458,7 +458,7 @@ void bs_thread_close(struct bs_thread_info *info)
info->stop = 1;
pthread_cond_broadcast(&info->pending_cond);
- for (i = 0; info->worker_thread[i] && i < info->nr_worker_threads; i++)
+ for (i = 0; i < info->nr_worker_threads && info->worker_thread[i]; i++)
pthread_join(info->worker_thread[i], NULL);
pthread_cond_destroy(&info->pending_cond);
--
1.7.9.3
--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the stgt
mailing list