[Bugs] [Bug 1164775] New: Glusterd segfaults on gluster volume status ... detail

Mon Nov 17 12:48:39 UTC 2014

https://bugzilla.redhat.com/show_bug.cgi?id=1164775

            Bug ID: 1164775
           Summary: Glusterd segfaults  on gluster volume status ...
                    detail
           Product: GlusterFS
           Version: mainline
         Component: glusterd
          Severity: medium
          Assignee: bugs at gluster.org
          Reporter: petr.medonos at etnetera.cz
                CC: bugs at gluster.org, gluster-bugs at redhat.com,
                    kaushal at redhat.com



+++ This bug was initially created as a clone of Bug #1163920 +++

Description of problem:
Issuing ‘gluster volume status … detail’ command segfaults the glusterd daemon
if the underlying bricks use filesystems unknown to gluster (in our case it was
a mountbind, which has type of ‘none’).

The problem seems to be in xlators/mgmt/glusterd/src/glusterd-utils.c, in
function glusterd_add_inode_size_to_dict,  on line 7296 - the loop iterates
over ‘fs’, not ‘glusterd_fs’, therefore ‘glusterd_fs->fs_type_name’ is always
‘xfs’ and fs gets out of bounds, causing the SIGSEGV in strcmp on line 7297.

--- glusterd-utils.c    2014-11-07 11:55:30.000000000 +0100
+++ glusterd-utils.c_new        2014-11-13 18:09:06.864317759 +0100
@@ -7293,7 +7293,7 @@
         runinit (&runner);
         runner_redir (&runner, STDOUT_FILENO, RUN_PIPE);

-        for (fs = glusterd_fs ; glusterd_fs->fs_type_name; fs++) {
+        for (fs = glusterd_fs ; fs->fs_type_name; fs++) {
                 if (strcmp (fs_name, fs->fs_type_name) == 0) {
                         snprintf (fs_tool_name, sizeof fs_tool_name,
                                   "/usr/sbin/%s", fs->fs_tool_name);

Version-Release number of selected component (if applicable):
3.6.1 from official glusterfs yum repository (Centos 6)

How reproducible:
Use filesystem not present in fs_info struct for bricks, for example mountbind,
which has type ‘none’.

Steps to Reproduce:
1. mount directory for bricks as mountbinds
2. create and start GlusterFS volume
3. execute gluster volume status ... detail command

Actual results:
Glusterd crashes with SIGSEGV.

Expected results:
No crash :)

Additional info:

--- Additional comment from Kaushal on 2014-11-14 01:23:37 EST ---

Hi Petr,

Thanks for providing the patch. Could you submit the patch for review on our
Gerrit instance at https://review.gluster.org . Information on how to submit
patches to GlusterFS can be found at
http://www.gluster.org/community/documentation/index.php/Simplified_dev_workflow
.

If you don't wish to, I can submit it for you.

--- Additional comment from Anand Avati on 2014-11-14 05:03:31 EST ---

REVIEW: http://review.gluster.org/9126 (Fix bug: 1163920 - out of bounds access
to fs_info struct) posted (#1) for review on release-3.6 by Petr Medonos
(petr.medonos at etnetera.cz)

--- Additional comment from Anand Avati on 2014-11-17 06:29:47 EST ---

REVIEW: http://review.gluster.org/9126 (mgmt/glusterd: Out of bounds access to
fs_info struct) posted (#2) for review on release-3.6 by Petr Medonos
(petr.medonos at etnetera.cz)

--- Additional comment from Anand Avati on 2014-11-17 06:44:21 EST ---

REVIEW: http://review.gluster.org/9138 (mgmt/glusterd: Out of bounds access to
fs_info struct) posted (#1) for review on master by Petr Medonos
(petr.medonos at etnetera.cz)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
