From eb4176472d8647cf96ffe23e57b4266d2e9e8938 Mon Sep 17 00:00:00 2001
From: Matthias Pitzl <silamael@coronamundi.de>
Date: Thu, 17 Nov 2011 02:40:29 -0700
Subject: [PATCH] Bug 3408: Wrong header length leads to EFAULTs when creating
 UFS swap.log.new

Also localized the header variable as it may be destroyed at any time.
---
 src/fs/ufs/store_dir_ufs.cc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/fs/ufs/store_dir_ufs.cc b/src/fs/ufs/store_dir_ufs.cc
index 092b2f552e..7e79850519 100644
--- a/src/fs/ufs/store_dir_ufs.cc
+++ b/src/fs/ufs/store_dir_ufs.cc
@@ -768,7 +768,6 @@ UFSSwapDir::openTmpSwapLog(int *clean_flag, int *zero_flag)
     struct stat clean_sb;
     FILE *fp;
     int fd;
-    StoreSwapLogHeader *head;
 
     if (::stat(swaplog_path, &log_sb) < 0) {
         debugs(47, 1, "Cache Dir #" << index << ": No log file");
@@ -794,10 +793,11 @@ UFSSwapDir::openTmpSwapLog(int *clean_flag, int *zero_flag)
 
     swaplog_fd = fd;
 
-    head = new StoreSwapLogHeader;
-
-    file_write(swaplog_fd, -1, head, head->record_size,
-               NULL, NULL, FreeHeader);
+    {
+        StoreSwapLogHeader *header = new StoreSwapLogHeader;
+        file_write(swaplog_fd, -1, header, sizeof(*header),
+                   NULL, NULL, FreeHeader);
+    }
 
     /* open a read-only stream of the old log */
     fp = fopen(swaplog_path, "rb");
-- 
2.47.2