[master] 7b18d9a Fix up file reading byte sizes when reading VSL log records from a file.

Martin Blix Grydeland martin at varnish-cache.org
Tue Oct 1 14:48:19 CEST 2013


commit 7b18d9a074f7dd1c6fbec42d68aaec10a57acc17
Author: Martin Blix Grydeland <martin at varnish-software.com>
Date:   Tue Oct 1 13:25:33 2013 +0200

    Fix up file reading byte sizes when reading VSL log records from a file.
    
    The code got word sizes confused, and failed to allocate a proper
    buffer based on the word size. Make the code use word sizes in local
    variables for clarity and make sure that the allocation routines get
    byte sizes.
    
    Spotted by: Coverity

diff --git a/lib/libvarnishapi/vsl_cursor.c b/lib/libvarnishapi/vsl_cursor.c
index c4f3cf1..d1fcfe0 100644
--- a/lib/libvarnishapi/vsl_cursor.c
+++ b/lib/libvarnishapi/vsl_cursor.c
@@ -306,6 +306,7 @@ vslc_file_delete(struct VSL_cursor *cursor)
 	FREE_OBJ(c);
 }
 
+/* Read n bytes from fd into buf */
 static ssize_t
 vslc_file_readn(int fd, void *buf, size_t n)
 {
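Review bot: The new comment on vslc_file_readn states no return contract, yet the caller in vslc_file_next tests `i < 0`, then `i == 0`, and otherwise asserts `i == VSL_BYTES(2)`, so it depends on the function never returning a short count. Assuming the body (which lies outside this hunk) loops until all n bytes are read, a fuller comment such as `/* Read exactly n bytes from fd into buf; returns n, 0 on EOF, or <0 on I/O error */` would record that. If a short count is in fact possible, a truncated log file would trip the caller's assert instead of producing an error return, so the contract is worth confirming against the body.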
@@ -325,7 +326,8 @@ static int
 vslc_file_next(struct VSL_cursor *cursor)
 {
 	struct vslc_file *c;
-	ssize_t i, l;
+	ssize_t i;
+	size_t l;
 
 	CAST_OBJ_NOTNULL(c, cursor->priv_data, VSLC_FILE_MAGIC);
 	assert(&c->cursor == cursor);
@@ -335,27 +337,28 @@ vslc_file_next(struct VSL_cursor *cursor)
 
 	do {
 		c->cursor.rec.ptr = NULL;
-		assert(c->buflen >= VSL_BYTES(2));
+		assert(c->buflen >= 2);
 		i = vslc_file_readn(c->fd, c->buf, VSL_BYTES(2));
 		if (i < 0)
 			return (-4);	/* I/O error */
 		if (i == 0)
 			return (-1);	/* EOF */
 		assert(i == VSL_BYTES(2));
-		l = VSL_BYTES(2 + VSL_WORDS(VSL_LEN(c->buf)));
+		l = 2 + VSL_WORDS(VSL_LEN(c->buf));
 		if (c->buflen < l) {
-			c->buf = realloc(c->buf, 2 * l);
+			while (c->buflen < l)
+				c->buflen = 2 * l;
+			c->buf = realloc(c->buf, VSL_BYTES(c->buflen));
 			AN(c->buf);
-			c->buflen = 2 * l;
 		}
-		if (l > VSL_BYTES(2)) {
+		if (l > 2) {
 			i = vslc_file_readn(c->fd, c->buf + 2,
-			    l - VSL_BYTES(2));
+			    VSL_BYTES(l - 2));
 			if (i < 0)
 				return (-4);	/* I/O error */
 			if (i == 0)
 				return (-1);	/* EOF */
-			assert(i == l - VSL_BYTES(2));
+			assert(i == VSL_BYTES(l - 2));
 		}
 		c->cursor.rec.ptr = c->buf;
 	} while (VSL_TAG(c->cursor.rec.ptr) == SLT__Batch);
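Review bot: The resize loop `while (c->buflen < l) c->buflen = 2 * l;` cannot iterate more than once, because its body assigns `2 * l` and the enclosing `if` has already tested the same condition; a plain `c->buflen = 2 * l;` says the same thing. The length `l` comes from `VSL_LEN(c->buf)`, which is file content, and `c->buflen` is updated before `realloc` is known to have succeeded. `AN(c->buf)` presumably aborts on a NULL result, so an allocation failure driven by a record header ends the process, where I/O errors return `-4`. How large `l` can get depends on VSL_LEN, which is not shown here. If tools reading log files are meant to survive bad input, assigning the `realloc` result to a temporary and returning an error code would fit the existing convention. vslc_file_next begins and ends outside this hunk.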
@@ -425,8 +428,8 @@ VSL_CursorFile(struct VSL_data *vsl, const char *name)
 	c->cursor.priv_data = c;
 
 	c->fd = fd;
-	c->buflen = BUFSIZ;
-	c->buf = malloc(c->buflen);
+	c->buflen = VSL_WORDS(BUFSIZ);
+	c->buf = malloc(VSL_BYTES(c->buflen));
 	AN(c->buf);
 
 	return (&c->cursor);
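Review bot: `c->buflen` silently changes unit here, from a byte count (`BUFSIZ`) to a word count (`VSL_WORDS(BUFSIZ)`), and nothing in the visible code records that. Since the original defect was exactly a bytes/words mix-up, a comment at this assignment or on the struct field, for example `/* buflen is counted in VSL words; convert with VSL_BYTES() before malloc/realloc/read */`, would keep the next change from reintroducing it. The `assert(c->buflen >= 2)` in vslc_file_next also relies on `VSL_WORDS(BUFSIZ)` being at least 2, which holds for any realistic `BUFSIZ` but is worth noting alongside. VSL_CursorFile's body starts outside this hunk.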


