From 0685312fdd24afa24ebfa9746f65baa0797b56a1 Mon Sep 17 00:00:00 2001
From: "Alan D. Brunelle"
Date: Tue, 24 Jan 2006 19:08:05 +0100
Subject: [PATCH] [PATCH] blktrace: fix for potential data overwrite

Here is the situation before the realloc: fd_max_size | v XXXOOOOXXXXX ^ | fd_off The X's are data, the O's are empty. What we start with after the realloc: fd_max_size | v XXXOOOOXXXXXOOOOOOOOOOOO ^ | fd_off In the original code we have the movement of data from byte 0 (tip->fd_buf) to tip->fd_off - over-writing data. I think if we use tip->fd_max_size, we get the desired result (note: tip->fd_max_size is updated to 2 times the size AFTER the memmove).
---
 blktrace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blktrace.c b/blktrace.c
index 6055a30..637c0a0 100644
--- a/blktrace.c
+++ b/blktrace.c
@@ -322,7 +322,7 @@ static int resize_ringbuffer(struct thread_information *tip)
 */
 if (tip->fd_off + tip->fd_size > tip->fd_max_size) {
 unsigned long wrap_size = tip->fd_size - (tip->fd_max_size - tip->fd_off);
- memmove(tip->fd_buf + tip->fd_off, tip->fd_buf, wrap_size);
+ memmove(tip->fd_buf + tip->fd_max_size, tip->fd_buf, wrap_size);
 }
 tip->fd_max_size <<= 1;
-- 
2.25.1
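Review bot: The new destination `tip->fd_buf + tip->fd_max_size` is only in bounds because the buffer has already been grown before this memmove and `tip->fd_max_size` still holds the pre-doubling size until the `<<= 1` two lines later; nothing in the hunk records that ordering, so a later reordering of the realloc or of the shift would silently turn this into an out-of-bounds write. A comment on the memmove line would pin it, e.g. `/* fd_buf was already reallocated to twice fd_max_size above; fd_max_size is still the old size, so the wrapped tail lands just past the old end of the ring */`. The unsigned `wrap_size` arithmetic also presumes `fd_off < fd_max_size` and `fd_size <= fd_max_size`; if either is not guaranteed by the callers, the subtraction wraps and the memmove length becomes huge, so an assert or a documented precondition is worth adding. resize_ringbuffer's body begins and ends outside the hunk.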