You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by so...@apache.org on 2013/08/03 21:25:03 UTC

git commit: TS-2093: Check bounds on plugin stat creation.

Updated Branches:
  refs/heads/master 4651ca76d -> 76ef33d43


TS-2093: Check bounds on plugin stat creation.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/76ef33d4
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/76ef33d4
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/76ef33d4

Branch: refs/heads/master
Commit: 76ef33d435236aa680e2180191e5584af5adb0d1
Parents: 4651ca7
Author: Phil Sorber <so...@apache.org>
Authored: Sat Aug 3 13:22:21 2013 -0600
Committer: Phil Sorber <so...@apache.org>
Committed: Sat Aug 3 13:22:21 2013 -0600

----------------------------------------------------------------------
 CHANGES         | 2 ++
 proxy/InkAPI.cc | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/76ef33d4/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 8a54291..292e846 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,8 @@
 Changes with Apache Traffic Server 3.3.5
   
 
+  *) [TS-2093] Check bounds on plugin stat creation.
+
   *) [TS-2092] Use of uninitialized member in HdrHeap.
 
   *) [TS-2052] ET_SSL thread spinning

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/76ef33d4/proxy/InkAPI.cc
----------------------------------------------------------------------
diff --git a/proxy/InkAPI.cc b/proxy/InkAPI.cc
index 602c6a0..6ae68ea 100644
--- a/proxy/InkAPI.cc
+++ b/proxy/InkAPI.cc
@@ -6627,14 +6627,15 @@ TSCacheScan(TSCont contp, TSCacheKey key, int KB_per_second)
 int
 TSStatCreate(const char *the_name, TSRecordDataType the_type, TSStatPersistence persist, TSStatSync sync)
 {
-  int volatile id = ink_atomic_increment(&top_stat, 1);
+  int id = ink_atomic_increment(&top_stat, 1);
   RecRawStatSyncCb syncer = RecRawStatSyncCount;
 
   // TODO: This only supports "int" data types at this point, since the "Raw" stats
   // interfaces only supports integers. Going forward, we could extend either the "Raw"
   // stats APIs, or make non-int use the direct (synchronous) stats APIs (slower).
   if ((sdk_sanity_check_null_ptr((void*)the_name) != TS_SUCCESS) ||
-      (sdk_sanity_check_null_ptr((void*)api_rsb) != TS_SUCCESS))
+      (sdk_sanity_check_null_ptr((void*)api_rsb) != TS_SUCCESS) ||
+      (id >= api_rsb->max_stats))
     return TS_ERROR;
 
   switch (sync) {