Signed-off-by: Jens Axboe <axboe@fb.com>
*/
struct fio_net_cmd *fio_net_recv_cmd(int sk)
{
*/
struct fio_net_cmd *fio_net_recv_cmd(int sk)
{
- struct fio_net_cmd cmd, *cmdret = NULL;
+ struct fio_net_cmd cmd, *tmp, *cmdret = NULL;
size_t cmd_size = 0, pdu_offset = 0;
uint16_t crc;
int ret, first = 1;
size_t cmd_size = 0, pdu_offset = 0;
uint16_t crc;
int ret, first = 1;
} else
cmd_size += cmd.pdu_len;
} else
cmd_size += cmd.pdu_len;
- cmdret = realloc(cmdret, cmd_size);
+ if (cmd_size / 1024 > FIO_SERVER_MAX_CMD_MB * 1024) {
+ log_err("fio: cmd+pdu too large (%llu)\n", (unsigned long long) cmd_size);
+ ret = 1;
+ break;
+ }
+
+ tmp = realloc(cmdret, cmd_size);
+ if (!tmp) {
+ log_err("fio: server failed allocating cmd\n");
+ ret = 1;
+ break;
+ }
+ cmdret = tmp;
if (first)
memcpy(cmdret, &cmd, sizeof(cmd));
if (first)
memcpy(cmdret, &cmd, sizeof(cmd));
FIO_SERVER_VER = 33,
FIO_SERVER_MAX_FRAGMENT_PDU = 1024,
FIO_SERVER_VER = 33,
FIO_SERVER_MAX_FRAGMENT_PDU = 1024,
+ FIO_SERVER_MAX_CMD_MB = 2048,
FIO_NET_CMD_QUIT = 1,
FIO_NET_CMD_EXIT = 2,
FIO_NET_CMD_QUIT = 1,
FIO_NET_CMD_EXIT = 2,