gracefully handle a too small ReceiveBufferSize
Sizing/ReceiveBufferSize must be >= Sizing/ReceiveBufferChunkSize + N for some small N, and if it is not, Cyclone will crash reading beyond allocated memory in a nasty way. Ordinarily this should be handled by the configuration validation, but that would put the burden of knowing the details of computing N upon the user, an unreasonable requirement. The old state of an assertion presupposes a check, and brings us back that same requirement. Thus, a change to ensure that ReceiveBufferSize will be taken as the minimum of the configured value and the actual minimal value as determined by ChunkSize and whatever N happens to be. Signed-off-by: Erik Boasson <eb@ilities.com>
This commit is contained in:
Erik Boasson
parent
e97adcace0
commit
8bc107b635
2 changed files with 8 additions and 2 deletions
|
|
@ -654,7 +654,7 @@ END_MARKER
|
||||||
static const struct cfgelem sizing_cfgelems[] =
|
static const struct cfgelem sizing_cfgelems[] =
|
||||||
{
|
{
|
||||||
{ LEAF("ReceiveBufferSize"), 1, "1 MiB", ABSOFF(rbuf_size), 0, uf_memsize, 0, pf_memsize,
|
{ LEAF("ReceiveBufferSize"), 1, "1 MiB", ABSOFF(rbuf_size), 0, uf_memsize, 0, pf_memsize,
|
||||||
"<p>This element sets the size of a single receive buffer. Many receive buffers may be needed. Their size must be greater than ReceiveBufferChunkSize by a modest amount.</p>" },
|
"<p>This element sets the size of a single receive buffer. Many receive buffers may be needed. The minimum workable size a little bit larger than Sizing/ReceiveBufferChunkSize, and the value used is taken as the configured value and the actual minimum workable size.</p>" },
|
||||||
{ LEAF("ReceiveBufferChunkSize"), 1, "128 KiB", ABSOFF(rmsg_chunk_size), 0, uf_memsize, 0, pf_memsize,
|
{ LEAF("ReceiveBufferChunkSize"), 1, "128 KiB", ABSOFF(rmsg_chunk_size), 0, uf_memsize, 0, pf_memsize,
|
||||||
"<p>This element specifies the size of one allocation unit in the receive buffer. Must be greater than the maximum packet size by a modest amount (too large packets are dropped). Each allocation is shrunk immediately after processing a message, or freed straightaway.</p>" },
|
"<p>This element specifies the size of one allocation unit in the receive buffer. Must be greater than the maximum packet size by a modest amount (too large packets are dropped). Each allocation is shrunk immediately after processing a message, or freed straightaway.</p>" },
|
||||||
END_MARKER
|
END_MARKER
|
||||||
|
|
|
||||||
|
|
@ -330,7 +330,13 @@ struct nn_rbufpool *nn_rbufpool_new (uint32_t rbuf_size, uint32_t max_rmsg_size)
|
||||||
struct nn_rbufpool *rbp;
|
struct nn_rbufpool *rbp;
|
||||||
|
|
||||||
assert (max_rmsg_size > 0);
|
assert (max_rmsg_size > 0);
|
||||||
assert (rbuf_size >= max_rmsg_size_w_hdr (max_rmsg_size));
|
|
||||||
|
/* raise rbuf_size to minimum possible considering max_rmsg_size, there is
|
||||||
|
no reason to bother the user with the small difference between the two
|
||||||
|
when he tries to configure things, and the crash is horrible when
|
||||||
|
rbuf_size is too small */
|
||||||
|
if (rbuf_size < max_rmsg_size_w_hdr (max_rmsg_size))
|
||||||
|
rbuf_size = max_rmsg_size_w_hdr (max_rmsg_size);
|
||||||
|
|
||||||
if ((rbp = ddsrt_malloc (sizeof (*rbp))) == NULL)
|
if ((rbp = ddsrt_malloc (sizeof (*rbp))) == NULL)
|
||||||
goto fail_rbp;
|
goto fail_rbp;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue