Hi, Ken -
> [...]
> In the original code the pdu buffer needs to be a multiple of sizeof(__pmPDU)
> ... this assumption is enforced in __pmFindPDUBuf() because PDU_CHUNK is a
> multiple of sizeof(__pmPDU) and required in __pmXmitPDU() where tail end
> buffer initialization already happens.
OK, I'll look at this closer, but ...
> [...]
> So I think the simplest change for your new PDU buffer code would be to
> round the requested buffer size to be a multiple of sizeof(__pmPDU) bytes.
... I think this is a different issue. The one I happened on is this part
of p_pmns.c:
457 static int
458 SendNameReq(int fd, int from, const char *name, int pdu_type, int subtype)
459 {
463     int alloc_len; /* length allocated for name */
475     namelen = (int)strlen(name);
476     alloc_len = (int)(sizeof(int)*((namelen-1 + sizeof(int))/sizeof(int)));
477     need = (int)(sizeof(*nreq) - sizeof(nreq->name) + alloc_len);
479     if ((nreq = (namereq_t *)__pmFindPDUBuf(need)) == NULL)
486     memcpy(&nreq->name[0], name, namelen);
491     sts = __pmXmitPDU(fd, (__pmPDU *)nreq);
This leaves the 0-3 last bytes of the __pmFindPDUBuf result buf
uninitialized, since alloc_len is 0-3 bytes larger than "namelen",
due to alloc_len being larger than necessary to carry the string.
- FChE
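The rounding described in the message above, as an added example that is not part of the PCP sources or of the original mail: a stand-in for SendNameReq() that uses the same alloc_len formula, reports how many trailing bytes the rounding leaves after the copied name, and clears them before the buffer would be transmitted. namereq_t, build_name_req() and tail_is_zeroed() are constructed names for the example; malloc() stands in for __pmFindPDUBuf().

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for the real namereq_t; only the fields the example
 * needs.  The real PDU header is represented by a single int. */
typedef struct {
    int  hdr;
    int  namelen;
    char name[sizeof(int)];
} namereq_t;
/* Same rounding as p_pmns.c: namelen rounded up to a multiple of sizeof(int). */
int name_alloc_len(int namelen)
{
    return (int)(sizeof(int) * ((namelen - 1 + sizeof(int)) / sizeof(int)));
}
/* Bytes between the end of the copied name and the end of the rounded buffer. */
int tail_pad_bytes(int namelen)
{
    return name_alloc_len(namelen) - namelen;
}
/* Build the request as SendNameReq() does, then clear the 0-3 rounding bytes
 * so no heap contents are sent.  Returns PDU length, or -1 if malloc fails. */
int build_name_req(const char *name, unsigned char **out)
{
    int namelen = (int)strlen(name);
    int alloc_len = name_alloc_len(namelen);
    int need = (int)(sizeof(namereq_t) - sizeof(((namereq_t *)0)->name) + alloc_len);
    namereq_t *nreq = malloc(need);     /* stands in for __pmFindPDUBuf(need) */
    if (nreq == NULL)
        return -1;
    nreq->hdr = 0;
    nreq->namelen = namelen;
    memcpy(nreq->name, name, namelen);
    memset(nreq->name + namelen, 0, alloc_len - namelen);   /* the missing step */
    *out = (unsigned char *)nreq;
    return need;
}
/* Build a request and verify every rounding byte after the name is zero. */
int tail_is_zeroed(const char *name)
{
    unsigned char *pdu;
    int namelen = (int)strlen(name), need = build_name_req(name, &pdu), i, ok = 1;
    if (need < 0)
        return 0;
    for (i = 0; i < tail_pad_bytes(namelen); i++)
        ok &= (pdu[offsetof(namereq_t, name) + namelen + i] == 0);
    free(pdu);
    return ok;
}
```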