From f12ddbf5894229504944578c70f98f51e330dc1a Mon Sep 17 00:00:00 2001 From: phk Date: Wed, 23 Jan 2008 09:26:03 +0000 Subject: [PATCH] Make sure WRK_Flush() always resets w->niov so WRK_Write() does not overrun the w->iov. Because niov is right after iov in struct worker, it is hard to predict what the effect of hitting this bug, but "core dump" is almost a given. I don't think it has been likely to happen a lot however, as it would require a full complement of HTTP headers or a very fragmented object. Coverity Scan (CID:7) git-svn-id: svn+ssh://projects.linpro.no/svn/varnish/trunk@2369 d4fa192b-c00b-0410-8231-f00ffab90ce4 --- varnish-cache/bin/varnishd/cache_pool.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/varnish-cache/bin/varnishd/cache_pool.c b/varnish-cache/bin/varnishd/cache_pool.c index 8894ca73..174ef283 100644 --- a/varnish-cache/bin/varnishd/cache_pool.c +++ b/varnish-cache/bin/varnishd/cache_pool.c @@ -98,11 +98,11 @@ WRK_Flush(struct worker *w) ssize_t i; CHECK_OBJ_NOTNULL(w, WORKER_MAGIC); - if (*w->wfd < 0 || w->niov == 0 || w->werr) - return (w->werr); - i = writev(*w->wfd, w->iov, w->niov); - if (i != w->liov) - w->werr++; + if (*w->wfd >= 0 && w->niov > 0 && w->werr == 0) { + i = writev(*w->wfd, w->iov, w->niov); + if (i != w->liov) + w->werr++; + } w->liov = 0; w->niov = 0; return (w->werr); -- 2.39.5
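Review bot: In the rewritten guard of WRK_Flush(), the case `*w->wfd < 0` with `w->werr == 0` and `w->niov > 0` now discards the queued iovecs and still returns 0, so the caller cannot tell that nothing was written. Consider counting that case as an error (`w->werr++`), or documenting that a flush to a closed fd is a silent no-op. A one-line comment above `w->liov = 0; w->niov = 0;` saying the reset is deliberately unconditional would help keep a later cleanup from reintroducing the early return. The overrun described in the commit message happens in WRK_Write(), which this hunk does not touch, so an assertion there that niov stays below the size of iov would catch any other path that leaves niov stale.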