r24164: Fix for write cache corruption bug reported by Jean-Francois Panisset <panisset@A52.com>.

Awaiting confirmation from reporter. Jeremy. (This used to be commit 7bd65060bd965bd17a5d79639cf561b8b578cb36)
author: Jeremy Allison <jra@samba.org> 2007-08-03 16:51:43 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 12:29:17 -0500
commit: 01ee1c7909bc6840ada40421b9ca1c3b4cbf99ae (patch)
tree: f19aa2be3fe914e88b90051cad26738ed41d7148 /source3/smbd/fileio.c
parent: c7a425f30fc0fa5f1e32ae30f631849c81786057 (diff)
download: samba-01ee1c7909bc6840ada40421b9ca1c3b4cbf99ae.tar.gz
samba-01ee1c7909bc6840ada40421b9ca1c3b4cbf99ae.tar.bz2
samba-01ee1c7909bc6840ada40421b9ca1c3b4cbf99ae.zip
1 files changed, 20 insertions, 10 deletions
diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c
index e797dbda14..76b29ec998 100644
--- a/source3/smbd/fileio.c
+++ b/source3/smbd/fileio.c
@@ -508,15 +508,20 @@ nonop=%u allocated=%u active=%u direct=%u perfect=%u readhits=%u\n",
 
 			write_path = 3;
 
-                } else if ( (pos >= wcp->file_size) && 
+                } else if ( (pos >= wcp->file_size) &&
 			    (n == 1) &&
-			    (pos < wcp->offset + 2*wcp->alloc_size) &&
-			    (wcp->file_size == wcp->offset + wcp->data_size)) {
+			    (wcp->file_size == wcp->offset + wcp->data_size) &&
+			    (pos < wcp->file_size + wcp->alloc_size)) {
 
                         /*
-                        +---------------+
-                        | Cached data   |
-                        +---------------+
+
+                End of file ---->|
+
+                 +---------------+---------------+
+                 | Cached data   | Cache buffer  |
+                 +---------------+---------------+
+
+                                 |<------- allocated size ---------------->|
 
                                                          +--------+
                                                          | 1 Byte |
@@ -524,13 +529,18 @@ nonop=%u allocated=%u active=%u direct=%u perfect=%u readhits=%u\n",
 
 			MS-Office seems to do this a lot to determine if there's enough
 			space on the filesystem to write a new file.
-                        */
 
-			SMB_BIG_UINT new_start = wcp->offset + wcp->data_size;
+			Change to :
+
+                End of file ---->|
+                                 +-----------------------+--------+
+                                 | Zeroed Cached data    | 1 Byte |
+                                 +-----------------------+--------+
+                        */
 
 			flush_write_cache(fsp, WRITE_FLUSH);
-			wcp->offset = new_start;
-			wcp->data_size = pos - new_start + 1;
+			wcp->offset = wcp->file_size;
+			wcp->data_size = pos - wcp->file_size + 1;
 			memset(wcp->data, '\0', wcp->data_size);
 			memcpy(wcp->data + wcp->data_size-1, data, 1);
author	Jeremy Allison <jra@samba.org>	2007-08-03 16:51:43 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 12:29:17 -0500
commit	01ee1c7909bc6840ada40421b9ca1c3b4cbf99ae (patch)
tree	f19aa2be3fe914e88b90051cad26738ed41d7148 /source3/smbd/fileio.c
parent	c7a425f30fc0fa5f1e32ae30f631849c81786057 (diff)
download	samba-01ee1c7909bc6840ada40421b9ca1c3b4cbf99ae.tar.gz samba-01ee1c7909bc6840ada40421b9ca1c3b4cbf99ae.tar.bz2 samba-01ee1c7909bc6840ada40421b9ca1c3b4cbf99ae.zip