From 3a005ebbbae9acac8d00e9518592319b95a1eb17 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Wed, 18 Sep 2019 08:24:56 +0200 Subject: [PATCH] revokefs: Fix off-by-one array size in fuse implementation The iovec write_vecs[] array on the stack was just 2 element, but we sometimes use 3 elements of it. This was causing random crashes due to corrupting the stack. Closes: #3110 Approved by: alexlarsson (cherry picked from commit 84e7b19683228ffed34783cc60f7b3985eb74772) --- revokefs/writer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/revokefs/writer.c b/revokefs/writer.c index 2b473382..d5140161 100644 --- a/revokefs/writer.c +++ b/revokefs/writer.c @@ -60,7 +60,7 @@ do_request (int writer_socket, size_t request_size; size_t response_max_size; ssize_t written_size, read_size; - struct iovec write_vecs[2] = {}; + struct iovec write_vecs[3] = {}; int n_write_vecs = 0; struct iovec read_vecs[2] = {}; int n_read_vecs = 0;