==20761== Invalid read of size 8
==20761== at 0x11BE30: ctdb_ctrl_dbstatistics (ctdb_client.c:1286)
==20761== by 0x12BA89: control_dbstatistics (ctdb.c:713)
==20761== by 0x1312E0: main (ctdb.c:6543)
==20761== Address 0x713b0d0 is 0 bytes after a block of size 560 alloc'd
==20761== at 0x4C27A2E: malloc (vg_replace_malloc.c:270)
==20761== by 0x5CB0954: _talloc_memdup (talloc.c:615)
==20761== by 0x11395C: ctdb_control_recv (ctdb_client.c:1146)
==20761== by 0x11BDD7: ctdb_ctrl_dbstatistics (ctdb_client.c:1265)
==20761== by 0x12BA89: control_dbstatistics (ctdb.c:713)
==20761== by 0x1312E0: main (ctdb.c:6543)
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(Imported from commit
9aa90482f8ffbddf898eb8a900112f45d82f0930)
}
wire = (struct ctdb_db_statistics *)outdata.dptr;
- *s = *wire;
+ memcpy(s, wire, offsetof(struct ctdb_db_statistics, hot_keys_wire));
ptr = &wire->hot_keys_wire[0];
for (i=0; i<wire->num_hot_keys; i++) {
s->hot_keys[i].key.dptr = talloc_size(mem_ctx, s->hot_keys[i].key.dsize);
return -1;
}
- *stats = ctdb_db->statistics;
+ memcpy(stats, &ctdb_db->statistics,
+ offsetof(struct ctdb_db_statistics, hot_keys_wire));
stats->num_hot_keys = MAX_HOT_KEYS;