From 4dbe39ba385d914d11827eb77ba4f2beb89b3336 Mon Sep 17 00:00:00 2001
From: John Spray <jcspray@gmail.com>
Date: Fri, 19 Feb 2021 13:52:51 +0000
Subject: [PATCH] Fix passing buffer address in Uring::recv

This was setting sql.len to iov_len, but
the sqe.addr was set to a msghdr location
in InFlight::insert -- consequentially
callers to recv got nothing in their buffer,
and a heap corruption.
---
 src/io_uring/uring.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/io_uring/uring.rs b/src/io_uring/uring.rs
index 3e53a74..ed6d406 100644
--- a/src/io_uring/uring.rs
+++ b/src/io_uring/uring.rs
@@ -271,7 +271,7 @@ impl Uring {
     {
         let iov = iov.into_new_iovec();
 
-        self.with_sqe(Some(iov), true, |sqe| {
+        self.with_sqe(None, true, |sqe| {
             sqe.prep_rw(
                 IORING_OP_RECV,
                 stream.as_raw_fd(),
@@ -279,6 +279,7 @@ impl Uring {
                 0,
                 ordering,
             );
+            sqe.addr = iov.iov_base as u64;
             sqe.len = u32::try_from(iov.iov_len).unwrap();
         })
     }