From e6a0eca16a7fa627a2b6b2ff4e7c7c92a17c7b05 Mon Sep 17 00:00:00 2001
From: Steven Dake <sdake@mvista.com>
Date: Mon, 31 Jan 2005 22:07:48 +0000
Subject: [PATCH] Fix from mark and daniel for small packet sizes in totempg
 resulting in segfault.

(Logical change 1.125)


git-svn-id: http://svn.fedorahosted.org/svn/corosync/trunk@441 fd59a12c-fef9-0310-b244-a6a79926bd2f
---
 exec/totempg.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/exec/totempg.c b/exec/totempg.c
index d4dba92a..484b8b70 100644
--- a/exec/totempg.c
+++ b/exec/totempg.c
@@ -92,6 +92,8 @@
 
 #include "swab.h"
 
+#define min(a,b) ((a) < (b)) ? a : b
+
 struct totempg_mcast_header {
 	short version;
 	short type;
@@ -425,6 +427,7 @@ int totempg_initialize (
 	return (res);
 }
 
+
 /*
  * Multicast a message
  */
@@ -452,8 +455,12 @@ int totempg_mcast (
 
 		/*
 		 * If it all fits with room left over, copy it in.
+		 * We need to leave at least sizeof(short) + 1 bytes in the
+		 * fragment_buffer on exit so that max_packet_size + fragment_size
+		 * doesn't exceed the size of the fragment_buffer on the next call.
 		 */
-		if ((copy_len + fragment_size) < max_packet_size) {
+		if ((copy_len + fragment_size) < 
+						(max_packet_size - sizeof (unsigned short))) {
 			memcpy (&fragmentation_data[fragment_size],
 				iovec[i].iov_base + copy_base, copy_len);
 			fragment_size += copy_len;
@@ -467,7 +474,7 @@ int totempg_mcast (
 		 * If it just fits or is too big, then send out what fits.
 		 */
 		} else {
-			copy_len = max_packet_size - fragment_size;
+			copy_len = min(copy_len, max_packet_size - fragment_size);
 			memcpy (&fragmentation_data[fragment_size],
 				iovec[i].iov_base + copy_base, copy_len);
 			mcast_packed_msg_lens[mcast_packed_msg_count] += copy_len;
@@ -542,3 +549,6 @@ int totempg_send_ok (
 
 	return (avail > 200);
 }
+/*
+ *	vi: set autoindent tabstop=4 shiftwidth=4 :
+ */