Skip to content

Commit 0619797

Browse files
ggouaillardetggouaillardet
committed
romio314: adio/ad_nfs: fix buffer overflows in ADIOI_NFS_{Read,Write}Strided
Refs: models/mpich#2338 Refs: models/mpich#2617 Signed-off-by: Rob Latham <[email protected]> (back-ported from upstream commit pmodels/mpich@642db57) Signed-off-by: Gilles Gouaillardet <[email protected]> (cherry picked from commit eaf050c)
1 parent a598c45 commit 0619797

File tree

2 files changed

+20
-14
lines changed

2 files changed

+20
-14
lines changed

ompi/mca/io/romio314/romio/adio/ad_nfs/ad_nfs_read.c

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -157,8 +157,9 @@ void ADIOI_NFS_ReadStrided(ADIO_File fd, void *buf, int count,
157157
/* offset is in units of etype relative to the filetype. */
158158

159159
ADIOI_Flatlist_node *flat_buf, *flat_file;
160-
int i, j, k, err=-1, brd_size, frd_size=0, st_index=0;
161-
int bufsize, num, size, sum, n_etypes_in_filetype, size_in_filetype;
160+
int i, j, k, err=-1, brd_size, st_index=0;
161+
int num, size, sum, n_etypes_in_filetype, size_in_filetype;
162+
MPI_Count bufsize;
162163
int n_filetypes, etype_in_filetype;
163164
ADIO_Offset abs_off_in_filetype=0;
164165
int req_len, partial_read;
@@ -168,8 +169,9 @@ void ADIOI_NFS_ReadStrided(ADIO_File fd, void *buf, int count,
168169
ADIO_Offset userbuf_off;
169170
ADIO_Offset off, req_off, disp, end_offset=0, readbuf_off, start_off;
170171
char *readbuf, *tmp_buf, *value;
171-
int st_frd_size, st_n_filetypes, readbuf_len;
172-
int new_brd_size, new_frd_size, err_flag=0, info_flag, max_bufsize;
172+
int st_n_filetypes, readbuf_len;
173+
ADIO_Offset frd_size=0, new_frd_size, st_frd_size;
174+
int new_brd_size, err_flag=0, info_flag, max_bufsize;
173175

174176
static char myname[] = "ADIOI_NFS_READSTRIDED";
175177

@@ -449,12 +451,13 @@ void ADIOI_NFS_ReadStrided(ADIO_File fd, void *buf, int count,
449451
else {
450452
/* noncontiguous in memory as well as in file */
451453

454+
ADIO_Offset i;
452455
ADIOI_Flatten_datatype(datatype);
453456
flat_buf = ADIOI_Flatlist;
454457
while (flat_buf->type != datatype) flat_buf = flat_buf->next;
455458

456459
k = num = buf_count = 0;
457-
i = (int) (flat_buf->indices[0]);
460+
i = flat_buf->indices[0];
458461
j = st_index;
459462
off = offset;
460463
n_filetypes = st_n_filetypes;
@@ -499,8 +502,8 @@ void ADIOI_NFS_ReadStrided(ADIO_File fd, void *buf, int count,
499502

500503
k = (k + 1)%flat_buf->count;
501504
buf_count++;
502-
i = (int) (buftype_extent*(buf_count/flat_buf->count) +
503-
flat_buf->indices[k]);
505+
i = buftype_extent*(buf_count/flat_buf->count) +
506+
flat_buf->indices[k];
504507
new_brd_size = flat_buf->blocklens[k];
505508
if (size != frd_size) {
506509
off += size;

ompi/mca/io/romio314/romio/adio/ad_nfs/ad_nfs_write.c

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -260,8 +260,9 @@ void ADIOI_NFS_WriteStrided(ADIO_File fd, const void *buf, int count,
260260
/* offset is in units of etype relative to the filetype. */
261261

262262
ADIOI_Flatlist_node *flat_buf, *flat_file;
263-
int i, j, k, err=-1, bwr_size, fwr_size=0, st_index=0;
264-
int bufsize, num, size, sum, n_etypes_in_filetype, size_in_filetype;
263+
int i, j, k, err=-1, bwr_size, st_index=0;
264+
int num, size, sum, n_etypes_in_filetype, size_in_filetype;
265+
MPI_Count bufsize;
265266
int n_filetypes, etype_in_filetype;
266267
ADIO_Offset abs_off_in_filetype=0;
267268
int req_len;
@@ -271,8 +272,9 @@ void ADIOI_NFS_WriteStrided(ADIO_File fd, const void *buf, int count,
271272
ADIO_Offset userbuf_off;
272273
ADIO_Offset off, req_off, disp, end_offset=0, writebuf_off, start_off;
273274
char *writebuf=NULL, *value;
274-
int st_fwr_size, st_n_filetypes, writebuf_len, write_sz;
275-
int new_bwr_size, new_fwr_size, err_flag=0, info_flag, max_bufsize;
275+
int st_n_filetypes, writebuf_len, write_sz;
276+
ADIO_Offset fwr_size = 0, new_fwr_size, st_fwr_size;
277+
int new_bwr_size, err_flag=0, info_flag, max_bufsize;
276278
static char myname[] = "ADIOI_NFS_WRITESTRIDED";
277279

278280
ADIOI_Datatype_iscontig(datatype, &buftype_is_contig);
@@ -553,12 +555,13 @@ void ADIOI_NFS_WriteStrided(ADIO_File fd, const void *buf, int count,
553555
else {
554556
/* noncontiguous in memory as well as in file */
555557

558+
ADIO_Offset i;
556559
ADIOI_Flatten_datatype(datatype);
557560
flat_buf = ADIOI_Flatlist;
558561
while (flat_buf->type != datatype) flat_buf = flat_buf->next;
559562

560563
k = num = buf_count = 0;
561-
i = (int) (flat_buf->indices[0]);
564+
i = flat_buf->indices[0];
562565
j = st_index;
563566
off = offset;
564567
n_filetypes = st_n_filetypes;
@@ -604,8 +607,8 @@ void ADIOI_NFS_WriteStrided(ADIO_File fd, const void *buf, int count,
604607

605608
k = (k + 1)%flat_buf->count;
606609
buf_count++;
607-
i = (int) (buftype_extent*(buf_count/flat_buf->count) +
608-
flat_buf->indices[k]);
610+
i = buftype_extent*(buf_count/flat_buf->count) +
611+
flat_buf->indices[k];
609612
new_bwr_size = flat_buf->blocklens[k];
610613
if (size != fwr_size) {
611614
off += size;

0 commit comments

Comments
 (0)