diff options
author | Jeremy Allison <jra@samba.org> | 2007-08-03 16:51:43 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:29:17 -0500 |
commit | 01ee1c7909bc6840ada40421b9ca1c3b4cbf99ae (patch) | |
tree | f19aa2be3fe914e88b90051cad26738ed41d7148 /source3 | |
parent | c7a425f30fc0fa5f1e32ae30f631849c81786057 (diff) | |
download | samba-01ee1c7909bc6840ada40421b9ca1c3b4cbf99ae.tar.gz samba-01ee1c7909bc6840ada40421b9ca1c3b4cbf99ae.tar.bz2 samba-01ee1c7909bc6840ada40421b9ca1c3b4cbf99ae.zip |
r24164: Fix for write cache corruption bug reported by Jean-Francois Panisset <panisset@A52.com>.
Awaiting confirmation from reporter.
Jeremy.
(This used to be commit 7bd65060bd965bd17a5d79639cf561b8b578cb36)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/fileio.c | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c index e797dbda14..76b29ec998 100644 --- a/source3/smbd/fileio.c +++ b/source3/smbd/fileio.c @@ -508,15 +508,20 @@ nonop=%u allocated=%u active=%u direct=%u perfect=%u readhits=%u\n", write_path = 3; - } else if ( (pos >= wcp->file_size) && + } else if ( (pos >= wcp->file_size) && (n == 1) && - (pos < wcp->offset + 2*wcp->alloc_size) && - (wcp->file_size == wcp->offset + wcp->data_size)) { + (wcp->file_size == wcp->offset + wcp->data_size) && + (pos < wcp->file_size + wcp->alloc_size)) { /* - +---------------+ - | Cached data | - +---------------+ + + End of file ---->| + + +---------------+---------------+ + | Cached data | Cache buffer | + +---------------+---------------+ + + |<------- allocated size ---------------->| +--------+ | 1 Byte | @@ -524,13 +529,18 @@ nonop=%u allocated=%u active=%u direct=%u perfect=%u readhits=%u\n", MS-Office seems to do this a lot to determine if there's enough space on the filesystem to write a new file. - */ - SMB_BIG_UINT new_start = wcp->offset + wcp->data_size; + Change to : + + End of file ---->| + +-----------------------+--------+ + | Zeroed Cached data | 1 Byte | + +-----------------------+--------+ + */ flush_write_cache(fsp, WRITE_FLUSH); - wcp->offset = new_start; - wcp->data_size = pos - new_start + 1; + wcp->offset = wcp->file_size; + wcp->data_size = pos - wcp->file_size + 1; memset(wcp->data, '\0', wcp->data_size); memcpy(wcp->data + wcp->data_size-1, data, 1); |