Fix off-by-one in jobs_eta allocation

author Jens Axboe <axboe@kernel.dk>

Wed, 12 Oct 2011 07:20:34 +0000 (09:20 +0200)

committer Jens Axboe <axboe@kernel.dk>

Wed, 12 Oct 2011 07:20:34 +0000 (09:20 +0200)
author Jens Axboe <axboe@kernel.dk>
Wed, 12 Oct 2011 07:20:34 +0000 (09:20 +0200)
committer Jens Axboe <axboe@kernel.dk>
Wed, 12 Oct 2011 07:20:34 +0000 (09:20 +0200)
diff --git a/eta.c b/eta.c

index b7f1fd62cffe88e2bdac92c5d325ec8fbfb25a55..6118d1af21b5afccee8c9f106bc4cbd93b557c61 100644 (file)
--- a/eta.c
+++ b/eta.c
@@ -418,10 +418,14 @@ void display_thread_status(struct jobs_eta *je)
  void print_thread_status(void)
  {
         struct jobs_eta *je;
+       size_t size;
  
-       je = malloc(sizeof(*je) + thread_number * sizeof(char));
+       if (!thread_number)
+               return;
  
-       memset(je, 0, sizeof(*je) + thread_number * sizeof(char));
+       size = sizeof(*je) + thread_number * sizeof(char) + 1;
+       je = malloc(size);
+       memset(je, 0, size);
  
         if (calc_thread_status(je, 0))
                 display_thread_status(je);
diff --git a/server.c b/server.c

index ac6c2fb8969da75f15c05def7e313f01ca162137..2c20e37b7e053f60d3528d4909b82d721edd2032 100644 (file)
--- a/server.c
+++ b/server.c
@@ -409,7 +409,10 @@ static int handle_send_eta_cmd(struct fio_net_cmd *cmd)
         size_t size;
         int i;
  
-       size = sizeof(*je) + thread_number * sizeof(char);
+       if (!thread_number)
+               return 0;
+
+       size = sizeof(*je) + thread_number * sizeof(char) + 1;
         je = malloc(size);
         memset(je, 0, size);
author	Jens Axboe <axboe@kernel.dk>
	Wed, 12 Oct 2011 07:20:34 +0000 (09:20 +0200)
committer	Jens Axboe <axboe@kernel.dk>
	Wed, 12 Oct 2011 07:20:34 +0000 (09:20 +0200)
eta.c		patch \| blob \| blame \| history
server.c		patch \| blob \| blame \| history