diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-12-28 19:33:23 -0500 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2014-01-11 10:07:22 -0500 |
commit | ae97089d49d1795a35a443b7b830ee666028e733 (patch) | |
tree | 528eab7122f5a7b4bb0cf1ad220164b3c0438323 /src/journal/mmap-cache.h | |
parent | 47917e4a4a8f1ee00bb7de3e83f7bfd849abf337 (diff) |
journal: fix access to munmapped memory in sd_journal_enumerate_unique
sd_j_e_u needs to keep a reference to an object while comparing it
with possibly duplicate objects in other files. Because the size of
mmap cache is limited, with enough files and object to compare to,
at some point the object being compared would be munmapped, resulting
in a segmentation fault.
Fix this issue by turning keep_always into a reference count that can
be increased and decreased. Other callers which set keep_always=true
are unmodified: their references are never released but are ignored
when the whole file is closed, which happens at some point. keep_always
is increased in sd_j_e_u and later on released.
Diffstat (limited to 'src/journal/mmap-cache.h')
-rw-r--r-- | src/journal/mmap-cache.h | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/journal/mmap-cache.h b/src/journal/mmap-cache.h index 912336d7c2..647555a73e 100644 --- a/src/journal/mmap-cache.h +++ b/src/journal/mmap-cache.h @@ -31,7 +31,23 @@ MMapCache* mmap_cache_new(void); MMapCache* mmap_cache_ref(MMapCache *m); MMapCache* mmap_cache_unref(MMapCache *m); -int mmap_cache_get(MMapCache *m, int fd, int prot, unsigned context, bool keep_always, uint64_t offset, size_t size, struct stat *st, void **ret); +int mmap_cache_get( + MMapCache *m, + int fd, + int prot, + unsigned context, + bool keep_always, + uint64_t offset, + size_t size, + struct stat *st, + void **ret); +int mmap_cache_release( + MMapCache *m, + int fd, + int prot, + unsigned context, + uint64_t offset, + size_t size); void mmap_cache_close_fd(MMapCache *m, int fd); void mmap_cache_close_context(MMapCache *m, unsigned context); |