[Bugs] [Bug 1218381] New: rpc: Memory corruption because rpcsvc_register_notify interprets opaque mydata argument as xlator pointer

bugzilla at redhat.com bugzilla at redhat.com
Mon May 4 18:27:59 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1218381

            Bug ID: 1218381
           Summary: rpc: Memory corruption because rpcsvc_register_notify
                    interprets opaque mydata argument as xlator pointer
           Product: GlusterFS
           Version: 3.7.0
         Component: rpc
          Assignee: bugs at gluster.org
          Reporter: khiremat at redhat.com
                CC: bugs at gluster.org, gluster-bugs at redhat.com
        Depends On: 1215161



+++ This bug was initially created as a clone of Bug #1215161 +++

Description of problem:
Memory corruption might happen to the mydata argument passed while registering with
rpc using the following routine, as it interprets mydata as an xlator pointer.

int
rpcsvc_register_notify (rpcsvc_t *svc, rpcsvc_notify_t notify, void *mydata)


Version-Release number of selected component (if applicable):
mainline

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
Possible memory corruption of mydata.

Expected results:
mydata should not be interpreted as xlator pointer and should not be touched.

Additional info:

--- Additional comment from Kotresh HR on 2015-04-24 09:13:32 EDT ---

The following core is seen with geo-rep using changelog.

(gdb) 
#0  0x00007f2c79b373a0 in pthread_mutex_lock () from /lib64/libpthread.so.0
#1  0x00007f2c5fdf70d1 in gf_changelog_process (data=0x7f2c6405c520)
    at /home/jenkins/root/workspace/smoke/xlators/features/changelog/lib/src/gf-changelog-journal-handler.c:592
#2  0x00007f2c79b359d1 in start_thread () from /lib64/libpthread.so.0
#3  0x00007f2c791f78fd in clone () from /lib64/libc.so.6

(gdb) p *((gf_changelog_journal_t *)0x7f2c6405c520)->jnl_proc
$6 = {lock = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}},
        __size = '\000' <repeats 39 times>, __align = 0},
      cond = {__data = {__lock = 0, __futex = 0, __total_seq = 0, __wakeup_seq = 0, __woken_seq = 0, __mutex = 0x0, __nwaiters = 0, __broadcast_seq = 0},
        __size = '\000' <repeats 47 times>, __align = 0},
      waiting = _gf_false, processor = 139828389721856,
      entries = {next = 0x7f2c64076b08, prev = 0x7f2c64076b08}}
(gdb)
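The defect class this report describes, as an added illustration that is not GlusterFS code: a registration routine accepts an opaque `void *mydata` cookie but casts it to an xlator and writes a field through it, so a caller that registers some other structure gets that structure silently clobbered. All types here (`rpcsvc_t`, `xlator_t`, `rpcsvc_wrapper_t`, `journal_proc_t`), the callback signature, and the two `rpcsvc_register_notify_*` variants are simplified hypothetical stand-ins, not the project's definitions. `journal_proc_t` plays the role of the caller-owned journal processor whose lock heads the struct in the backtrace; `bytes_clobbered_by` registers one through either variant and counts how many of its bytes changed, while `cookie_roundtrips` shows the fixed variant handing the cookie back to the callback untouched.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Simplified, hypothetical stand-ins for the GlusterFS types; not the project's code. */
typedef struct rpcsvc rpcsvc_t;
typedef int (*rpcsvc_notify_t)(rpcsvc_t *svc, void *mydata, int event, void *data);

typedef struct { const char *name; void *ctx; } xlator_t;       /* what the buggy code *assumes* mydata is */
typedef struct { rpcsvc_notify_t notify; void *mydata; } rpcsvc_wrapper_t; /* one registered listener */

struct rpcsvc {
    void            *ctx;
    rpcsvc_wrapper_t listeners[4];
    int              nlisteners;
};

/* Caller-owned opaque state, standing in for the journal processor whose lock
 * heads the struct in the backtrace: a write through the wrong type lands here. */
typedef struct { long lock_word, owner, waiting; } journal_proc_t;

static int
add_listener(rpcsvc_t *svc, rpcsvc_notify_t notify, void *mydata)
{
    if (svc->nlisteners >= 4)
        return -1;
    svc->listeners[svc->nlisteners].notify = notify;
    svc->listeners[svc->nlisteners].mydata = mydata;
    svc->nlisteners++;
    return 0;
}

/* BUGGY: interprets the opaque cookie as an xlator and writes into it. */
int
rpcsvc_register_notify_buggy(rpcsvc_t *svc, rpcsvc_notify_t notify, void *mydata)
{
    xlator_t *xl = mydata;       /* an assumption the API contract never made */
    xl->ctx = svc->ctx;          /* clobbers whatever the caller keeps at this offset */
    return add_listener(svc, notify, mydata);
}

/* FIXED: the cookie is stored for later delivery and never dereferenced here. */
int
rpcsvc_register_notify_fixed(rpcsvc_t *svc, rpcsvc_notify_t notify, void *mydata)
{
    return add_listener(svc, notify, mydata);
}

/* Delivers an event to every listener with its cookie exactly as registered. */
static void
rpcsvc_dispatch(rpcsvc_t *svc, int event, void *data)
{
    for (int i = 0; i < svc->nlisteners; i++)
        if (svc->listeners[i].notify)
            svc->listeners[i].notify(svc, svc->listeners[i].mydata, event, data);
}

/* Registers a heap-allocated journal_proc_t through `reg` and returns how many of
 * its bytes changed; memcpy keeps the comparison well-defined after a mistyped store. */
size_t
bytes_clobbered_by(int (*reg)(rpcsvc_t *, rpcsvc_notify_t, void *))
{
    rpcsvc_t svc = { .ctx = (void *)0x1 };
    journal_proc_t *jp = calloc(1, sizeof *jp);
    jp->owner = 0x4242;
    jp->waiting = 1;
    unsigned char before[sizeof *jp], after[sizeof *jp];
    memcpy(before, jp, sizeof *jp);
    reg(&svc, NULL, jp);
    memcpy(after, jp, sizeof *jp);
    size_t changed = 0;
    for (size_t i = 0; i < sizeof *jp; i++)
        changed += before[i] != after[i];
    free(jp);
    return changed;
}

/* The registering side is the only party that knows the cookie's real type. */
static int
journal_notify(rpcsvc_t *svc, void *mydata, int event, void *data)
{
    (void)svc; (void)data;
    ((journal_proc_t *)mydata)->waiting = event;
    return 0;
}

/* With the fixed routine the cookie reaches the callback untouched. */
bool
cookie_roundtrips(void)
{
    rpcsvc_t svc = { .ctx = (void *)0x1 };
    journal_proc_t jp = { .owner = 0x4242 };
    rpcsvc_register_notify_fixed(&svc, journal_notify, &jp);
    rpcsvc_dispatch(&svc, 7, NULL);
    return jp.waiting == 7 && jp.owner == 0x4242 && jp.lock_word == 0;
}
```

The point of the contract is that only the registering side knows what `mydata` really points to, so the RPC layer may store and hand back the pointer but must never read or write through it; the byte-wise check after registration is the kind of assertion a unit test for such an API can make without knowing the cookie's type.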


Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1215161
[Bug 1215161] rpc: Memory corruption because rpcsvc_register_notify
interprets opaque mydata argument as xlator pointer