From f9a3c7e4e8ecd0ee784502fdbb9e293ae7e09b5a Mon Sep 17 00:00:00 2001
From: David Bigagli <david@schedmd.com>
Date: Thu, 3 Oct 2013 11:27:58 -0700
Subject: [PATCH] Subtract the PMII_COMMANDLEN_SIZE to prevent certain
 implementation of snprintf() to segfault.

---
 NEWS                     |  2 ++
 contribs/pmi2/pmi2_api.c | 15 +++++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 610b22477be..c5e1ccc5ca3 100644
--- a/NEWS
+++ b/NEWS
@@ -89,6 +89,8 @@ documents those changes that are of interest to users and admins.
     lengths.
  -- If OverTimeLimit is defined do not declare failed those jobs that ended
     in the OverTimeLimit interval.
+ -- Subtract the PMII_COMMANDLEN_SIZE in contribs/pmi2/pmi2_api.c to prevent
+    certain implementation of snprintf() to segfault.
 
 * Changes in Slurm 2.6.1
 ========================
diff --git a/contribs/pmi2/pmi2_api.c b/contribs/pmi2/pmi2_api.c
index 4a1507bba80..78ad795d54e 100644
--- a/contribs/pmi2/pmi2_api.c
+++ b/contribs/pmi2/pmi2_api.c
@@ -1492,6 +1492,14 @@ int PMIi_WriteSimpleCommand( int fd, PMI2_Command *resp, const char cmd[], PMI2_
     PMI2U_ERR_CHKANDJUMP(ret >= remaining_len, pmi2_errno, PMI2_ERR_OTHER, "**intern %s", "Ran out of room for command");
     c += ret;
     remaining_len -= ret;
+    /* Subtract the PMII_COMMANDLEN_SIZE to prevent
+     * certain implementation of snprintf() to
+     * segfault when zero out the buffer.
+     * PMII_COMMANDLEN_SIZE must be added later on
+     * back again to send out the right protocol
+     * message size.
+     */
+    remaining_len -= PMII_COMMANDLEN_SIZE;
 
 #ifdef MPICH_IS_THREADED
     MPIU_THREAD_CHECK_BEGIN;
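Review bot: After `remaining_len -= PMII_COMMANDLEN_SIZE;` nothing checks that remaining_len is still positive; the PMI2U_ERR_CHKANDJUMP just above only guarantees that at least one byte was left before the subtraction. If the variable is signed (its declaration is outside the hunk), a zero or negative value passed as the size argument of a later snprintf() converts to a very large size_t and removes the bound altogether. A guard directly after the subtraction would close that gap: `PMI2U_ERR_CHKANDJUMP(remaining_len <= 0, pmi2_errno, PMI2_ERR_OTHER, "**intern %s", "Ran out of room for command");`. The snprintf() whose result is checked on the first context line appears to run before the adjustment, so it presumably still sees the unreduced size; reserving the prefix where remaining_len is initialised would cover that call as well. The function body starts and ends outside this hunk.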
@@ -1531,8 +1539,11 @@ int PMIi_WriteSimpleCommand( int fd, PMI2_Command *resp, const char cmd[], PMI2_
         --remaining_len;
     }
 
-    /* prepend the buffer length stripping off the trailing '\0' */
-    cmdlen = PMII_MAX_COMMAND_LEN - remaining_len;
+    /* prepend the buffer length stripping off the trailing '\0'
+     * Add back the PMII_COMMANDLEN_SIZE to get the correct
+     * protocol size.
+     */
+    cmdlen = PMII_MAX_COMMAND_LEN - (remaining_len + PMII_COMMANDLEN_SIZE);
     ret = snprintf(cmdlenbuf, sizeof(cmdlenbuf), "%d", cmdlen);
     PMI2U_ERR_CHKANDJUMP(ret >= PMII_COMMANDLEN_SIZE, pmi2_errno, PMI2_ERR_OTHER, "**intern %s", "Command length won't fit in length buffer");
 
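Review bot: The add-back in `cmdlen = PMII_MAX_COMMAND_LEN - (remaining_len + PMII_COMMANDLEN_SIZE);` is only correct if the subtraction in the earlier hunk has run exactly once, and nothing in the code ties the two together. Writing it as `cmdlen = (PMII_MAX_COMMAND_LEN - PMII_COMMANDLEN_SIZE) - remaining_len;` gives the same value and reads as "usable payload capacity minus what is left". The comment could then state that invariant, for example `/* payload capacity excludes the PMII_COMMANDLEN_SIZE length prefix */`. The rewritten comment also runs "stripping off the trailing '\0'" straight into "Add back" with no full stop, so it reads as one sentence.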
-- 
GitLab