rbd: don't over-allocate space for object prefix
authorAlex Elder <elder@inktank.com>
Fri, 24 Aug 2012 04:22:06 +0000 (23:22 -0500)
committerAlex Elder <elder@inktank.com>
Mon, 1 Oct 2012 19:30:49 +0000 (14:30 -0500)
In rbd_header_from_disk() the object prefix buffer is sized based on
the maximum size its block_name equivalent on disk could be.

Instead, only allocate enough to hold the NUL-terminated string from
the on-disk header--or the maximum size if no NUL is found.

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Yehuda Sadeh <yehuda@inktank.com>
drivers/block/rbd.c

index 15bd3ecbcf34d6c3bc55758e580871b1080f4b9e..a27167942a9285d8d842049cdf629cd3152ad77a 100644 (file)
@@ -519,18 +519,19 @@ static int rbd_header_from_disk(struct rbd_image_header *header,
                                 struct rbd_image_header_ondisk *ondisk)
 {
        u32 snap_count;
+       size_t len;
        size_t size;
 
        memset(header, 0, sizeof (*header));
 
        snap_count = le32_to_cpu(ondisk->snap_count);
 
-       size = sizeof (ondisk->object_prefix) + 1;
-       header->object_prefix = kmalloc(size, GFP_KERNEL);
+       len = strnlen(ondisk->object_prefix, sizeof (ondisk->object_prefix));
+       header->object_prefix = kmalloc(len + 1, GFP_KERNEL);
        if (!header->object_prefix)
                return -ENOMEM;
-       memcpy(header->object_prefix, ondisk->object_prefix, size - 1);
-       header->object_prefix[size - 1] = '\0';
+       memcpy(header->object_prefix, ondisk->object_prefix, len);
+       header->object_prefix[len] = '\0';
 
        if (snap_count) {
                header->snap_names_len = le64_to_cpu(ondisk->snap_names_len);
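Review bot: The bounded `strnlen()` on the line that computes `len` carries the whole safety argument for this copy, but nothing in the code says so: `ondisk->object_prefix` is a fixed-size field taken from the on-disk header and, as the commit message notes, may contain no NUL at all. I would add a comment above it such as `/* On-disk prefix may be unterminated; never scan past the field. */` so that a later cleanup does not replace it with `strlen()` or `kstrdup()`. The `len + 1` allocation and the terminator written at `header->object_prefix[len]` are consistent with that bound. The function body continues past the end of the hunk, so whether `snap_names_len`, which is also read from disk, is range-checked before it is used as a size cannot be confirmed from here.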