
[Cluster-devel] cluster/cman-kernel/src sm_message.c



CVSROOT:	/cvs/cluster
Module name:	cluster
Branch: 	RHEL4
Changes by:	teigland sourceware org	2007-10-02 20:40:48

Modified files:
	cman-kernel/src: sm_message.c 

Log message:
	bz 199433
	
	The bad pointer dereferences aren't in process_messages() as the oops
	message shows, but in another function that's been inlined.  I think
	it's likely that process_leave_request() (or possibly
	process_join_request) are getting a NULL "sev" struct and using it.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/cman-kernel/src/sm_message.c.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.4.2.4&r2=1.4.2.5

--- cluster/cman-kernel/src/Attic/sm_message.c	2007/08/14 17:05:10	1.4.2.4
+++ cluster/cman-kernel/src/Attic/sm_message.c	2007/10/02 20:40:47	1.4.2.5
@@ -389,6 +389,15 @@
 		 */
 
 		if (test_bit(SGFL_SEVENT, &sg->flags)) {
+
+			/* not sure how/when this happens */
+			if (!sg->sevent) {
+				log_print("process_join_request from %d "
+					  "sevent flag no struct", nodeid);
+				reply.ms_status = STATUS_NEG;
+				goto send;
+			}
+
 			sev = sg->sevent;
 
 			/*
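Review bot: The new check tests sg->sevent and the following context line "sev = sg->sevent;" loads it a second time, so the value that is tested is not necessarily the value that is used. No locking is visible in this hunk, and the comment says the cause of the NULL is unknown, so it would be safer to assign "sev = sg->sevent;" first and test "if (!sev)". The log_print() line also reports only nodeid; adding an identifier for sg would make the message usable for tracking down how SGFL_SEVENT ends up set with no struct attached.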
@@ -581,6 +590,15 @@
 
 		else if (test_bit(SGFL_SEVENT, &sg->flags) &&
 			 nodeid != sm_our_nodeid) {
+
+			/* not sure how/when this happens */
+			if (!sg->sevent) {
+				log_print("process_leave_request from %d "
+					  "sevent flag no struct", nodeid);
+				reply.ms_status = STATUS_NEG;
+				goto out;
+			}
+
 			sev = sg->sevent;
 
 			/*
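Review bot: The early exit in process_leave_request leaves the inconsistent state in place: SGFL_SEVENT stays set while sg->sevent is NULL, so every later leave request with nodeid != sm_our_nodeid takes this branch again, logs again and gets STATUS_NEG again. If the state cannot be repaired here, the comment should say what the remote node is expected to do with the negative reply, and the log_print() should be limited so that a peer repeating the request cannot fill the log. The double read of sg->sevent noted for the join path applies here as well.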
@@ -625,7 +643,7 @@
 		}
 
 	}
-
+ out:
 	smsg_bswap_out(&reply);
 	send_nodeid_message((char *) &reply, sizeof(reply), nodeid);
 }
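Review bot: The label added here is named out, while the first hunk jumps to a label named send after setting reply.ms_status in the same way; since the code after the label byte-swaps and sends the reply, naming it send in both functions would be consistent and would describe what the jump does. Replacing the blank line with the label also removes the visual break before smsg_bswap_out(), so keep a blank line above " out:".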

