From d20a9afc0ab96250cfd416c8a4f45fe32840be26 Mon Sep 17 00:00:00 2001
From: Benedikt Steinbusch <b.steinbusch@fz-juelich.de>
Date: Thu, 11 Feb 2021 11:54:39 +0100
Subject: [PATCH] fix out of bounds exception on 0 length pread and pwrite
 messages

---
 CHANGELOG.md      | 4 ++++
 src/server.cxx    | 4 ++--
 src/test-client.c | 8 ++++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ec40bbc..9390e97 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,4 +12,8 @@
 - `boost::variant` has been replaced by `std::variant` and Boost is no longer needed as a dependency
 - If no explicit choice is made via `CMAKE_POSITION_INDEPENDENT_CODE`, the client library defaults to being built as position independent code
 
+### Fixed
+
+- Pread and pwrite messages of length 0 were handled incorrectly by the server, leading to an out of bounds exception
+
 [Unreleased]: https://gitlab.version.fz-juelich.de/SIONlib/SIONfwd/-/compare/v1.0.0...main
diff --git a/src/server.cxx b/src/server.cxx
index 36ebe26..b427c50 100644
--- a/src/server.cxx
+++ b/src/server.cxx
@@ -362,7 +362,7 @@ struct CommunicatorReceiver {
       std::vector<char> buf = (args.nbyte() > 0) ? communicator_.receive_data(args.nbyte()) : std::vector<char>{};
       ssize_t written = 0;
       while (true) {
-        ssize_t k = pwrite(args.fd(), &buf.at(written), args.nbyte() - written, args.offset() + written);
+        ssize_t k = pwrite(args.fd(), (args.nbyte() > 0) ? &buf.at(written) : nullptr, args.nbyte() - written, args.offset() + written);
         if (k == -1) {
           if (errno != EINTR) {
             written = -1;
@@ -385,7 +385,7 @@ struct CommunicatorReceiver {
       std::vector<char> buf(args.nbyte());
       ssize_t read = 0;
       while (true) {
-        ssize_t k = pread(args.fd(), &buf.at(read), args.nbyte() - read, args.offset() + read);
+        ssize_t k = pread(args.fd(), (args.nbyte() > 0) ? &buf.at(read) : nullptr, args.nbyte() - read, args.offset() + read);
         if (k == -1) {
           if (errno != EINTR) {
             read = -1;
diff --git a/src/test-client.c b/src/test-client.c
index bc06e52..d62b2bb 100644
--- a/src/test-client.c
+++ b/src/test-client.c
@@ -26,6 +26,10 @@ int main(int argc, char *argv[]) {
   fprintf(stderr, "wrote %" PRId64 " bytes to %d\n", written, fd);
   assert(written == strlen(wbuf));
 
+  written = sionfwd_pwrite(fd, wbuf, 0, 0);
+  fprintf(stderr, "wrote %" PRId64 " bytes to %d\n", written, fd);
+  assert(written == 0);
+
   int status = sionfwd_flush(fd);
   fprintf(stderr, "flushed file descriptor %d\n", fd);
   assert(status == 0);
@@ -51,6 +55,10 @@ int main(int argc, char *argv[]) {
   assert(read == strlen(wbuf));
   assert(strcmp(wbuf, rbuf) == 0);
 
+  read = sionfwd_pread(fd, rbuf, 0, 0);
+  fprintf(stderr, "read %" PRId64 " bytes from %d\n", read, fd);
+  assert(read == 0);
+
   status = sionfwd_close(fd);
   fprintf(stderr, "closed file descriptor %d with status %d\n", fd, status);
   assert(status == 0);
-- 
GitLab