[Bugs] [Bug 1519315] glusterfs 3.13.3 crashes with segmentation fault in xdr_gf_dump_req

bugzilla at redhat.com bugzilla at redhat.com
Thu Nov 30 21:41:17 UTC 2017


https://bugzilla.redhat.com/show_bug.cgi?id=1519315



--- Comment #5 from Erik Zscheile <erik.zscheile.ytrizja at gmail.com> ---
relevant code snippets

parts from glibc xdr_intXX_t.c:

---- __GI_xdr_uint64_t

/* XDR 64bit integers.

   Encodes, decodes or frees a 64-bit signed integer depending on
   xdrs->x_op.  The value is transferred as two 32-bit words, the high
   word first.  Returns TRUE on success and FALSE when a word transfer
   fails or x_op is not one of the three known operations.

   NOTE(review): in glibc's <rpc/xdr.h>, XDR_PUTINT32 and XDR_GETINT32
   expand to indirect calls through xdrs->x_ops->x_putint32 and
   xdrs->x_ops->x_getint32.  This routine therefore only works on a
   handle whose ops table has those members set to valid functions;
   confirm against the header actually in use.  */
bool_t
xdr_int64_t (XDR *xdrs, int64_t *ip)
{
  int32_t t1, t2;
  switch (xdrs->x_op)
    {
    case XDR_ENCODE:
      /* Split the value: t1 is the upper 32 bits, t2 the lower 32 bits.  */
      t1 = (int32_t) ((*ip) >> 32);
      t2 = (int32_t) (*ip);
      /* && short-circuits, so the low word is not written if the high
         word fails.  */
      return (XDR_PUTINT32(xdrs, &t1) && XDR_PUTINT32(xdrs, &t2));
    /* The marker on the next line is the bug reporter's annotation of the
       crash site.  NOTE(review): the handle built by xdr_sizeof on this
       page has x_op = XDR_ENCODE, so confirm from the backtrace which
       case was really executing.  */
    case XDR_DECODE: /*** SEGFAULT HERE ***/
      /* Read the high word, then the low word; give up on the first
         failure.  */
      if (!XDR_GETINT32(xdrs, &t1) || !XDR_GETINT32(xdrs, &t2))
        return FALSE;
      /* NOTE(review): t1 can be negative, and left-shifting a negative
         signed value is undefined in ISO C; this line relies on the
         compiler's behaviour.  */
      *ip = ((int64_t) t1) << 32;
      *ip |= (uint32_t) t2;        /* Avoid sign extension.  */
      return TRUE;
    case XDR_FREE:
      /* Nothing is allocated for a plain integer.  */
      return TRUE;
    default:
      /* Unknown operation code.  */
      return FALSE;
    }
}
/* Symbol export / versioning macro; its definition is not part of this
   snippet.  */
libc_hidden_nolink_sunrpc (xdr_int64_t, GLIBC_2_1_1)
/* XDR a quad_t.  All work is delegated to xdr_int64_t; the result of that
   call is returned unchanged.  */
bool_t
xdr_quad_t (XDR *xdrs, quad_t *ip)
{
  /* Hand the same storage to the 64-bit routine through an int64_t
     pointer.  */
  int64_t *as_int64 = (int64_t *) ip;

  return xdr_int64_t (xdrs, as_int64);
}
libc_hidden_nolink_sunrpc (xdr_quad_t, GLIBC_2_3_4)

----

parts from
  libtirpc-1.0.2/src/
  glusterfs-3.12.3/contrib/sunrpc/
xdr_sizeof.c

---- xdr_sizeof

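/*
 * Run the XDR routine `func` over `data` against a throw-away handle in
 * XDR_ENCODE mode and report the size it produced.
 *
 * The handle's operations table is made of this file's x_* helpers (not
 * shown in this snippet).  Returns the value left in x.x_handy when `func`
 * reports TRUE (presumably the running byte count kept by those helpers;
 * verify against them), and 0 otherwise.
 */
unsigned long
xdr_sizeof (xdrproc_t func, void *data)
{
        XDR x;
        /*
         * Zero the whole table before filling it in.  `ops` is an automatic
         * variable, so any member that is not assigned below would otherwise
         * hold indeterminate stack bytes, and an XDR routine that dispatches
         * through such a member would call an arbitrary address.  With the
         * initialiser an unpopulated member is a null pointer and the
         * failure is deterministic.
         */
        struct xdr_ops ops = {0};
        bool_t stat;

        /* Function-pointer types used only to cast `harmless` to the shape
         * of the x_getlong / x_getbytes members. */
#ifdef GF_DARWIN_HOST_OS
        typedef bool_t (*dummyfunc1) (XDR *, int *);
#else
        typedef bool_t (*dummyfunc1) (XDR *, long *);
#endif
        typedef bool_t (*dummyfunc2) (XDR *, caddr_t, u_int);

        ops.x_putlong = x_putlong;
        ops.x_putbytes = x_putbytes;
        ops.x_inline = x_inline;
        ops.x_getpostn = x_getpostn;
        ops.x_setpostn = x_setpostn;
        ops.x_destroy = x_destroy;

        /* the other harmless ones */
        ops.x_getlong = (dummyfunc1) harmless;
        ops.x_getbytes = (dummyfunc2) harmless;
        /*** ops.x_getint32 NOT SET ***/
        /*
         * NOTE(review): no x_putint32 assignment appears here either.  When
         * building against a libc whose struct xdr_ops has the int32
         * members (glibc's does) and whose 64-bit routines call through
         * them, both members must point at real handlers.  The zero
         * initialiser above only turns a wild call into a null one; it
         * does not make the call succeed.
         */

        x.x_op = XDR_ENCODE;
        x.x_ops = &ops;
        x.x_handy = 0;
        x.x_private = (caddr_t) NULL;
        x.x_base = (caddr_t) 0;

        stat = func (&x, data, 0);
        /* free (NULL) is a no-op, so no guard is needed. */
        free (x.x_private);
        return (stat == TRUE ? (unsigned) x.x_handy : 0);
}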

----
