[Bugs] [Bug 1647651] New: gfapi: fix bad dict setting of lease-id

bugzilla at redhat.com bugzilla at redhat.com
Thu Nov 8 03:21:38 UTC 2018 

https://bugzilla.redhat.com/show_bug.cgi?id=1647651

            Bug ID: 1647651
           Summary: gfapi: fix bad dict setting of lease-id
           Product: GlusterFS
           Version: mainline
         Component: libgfapi
          Assignee: bugs at gluster.org
          Reporter: kinglongmee at gmail.com
        QA Contact: bugs at gluster.org
                CC: bugs at gluster.org



Description of problem:

lease_id is a 16 bits opaque data, copying it by gf_strdup is wrong.

Invalid read of size 2
   at 0x483FA2F: memmove (vg_replace_strmem.c:1270)
   by 0xE2EF6FB: ??? (in /usr/lib64/libtirpc.so.3.0.0)
   by 0xE2EE047: xdr_opaque (in /usr/lib64/libtirpc.so.3.0.0)
   by 0x107A97DC: xdr_gfx_value (glusterfs4-xdr.c:207)
   by 0x107A98C0: xdr_gfx_dict_pair (glusterfs4-xdr.c:321)
   by 0xE2EF35E: xdr_array (in /usr/lib64/libtirpc.so.3.0.0)
   by 0x107A9A89: xdr_gfx_dict (glusterfs4-xdr.c:335)
   by 0x107AA97B: xdr_gfx_write_req (glusterfs4-xdr.c:897)
   by 0x107A181E: xdr_serialize_generic (xdr-generic.c:25)
   by 0x231044A2: client_submit_request (client.c:205)
   by 0x2314D3C1: client4_0_writev (client-rpc-fops_v2.c:3863)
   by 0x230FD5FA: client_writev (client.c:956)
 Address 0xad659e18 is 72 bytes inside a block of size 73 alloc'd
   at 0x483880B: malloc (vg_replace_malloc.c:299)
   by 0x106BA7EC: __gf_malloc (mem-pool.c:136)
   by 0x1064521E: gf_strndup (mem-pool.h:166)
   by 0x1064521E: gf_strdup (mem-pool.h:183)
   by 0x1064521E: get_fop_attr_thrd_key (glfs.c:627)
   by 0x1064D8E9: glfs_pwritev@@GFAPI_3.4.0 (glfs-fops.c:1154)
   by 0x10610C0C: glusterfs_write2 (handle.c:2092)
   by 0x54D30C: mdcache_write2 (mdcache_file.c:647)
   by 0x48A3FC: nfs4_write (nfs4_op_write.c:459)
   by 0x48A44D: nfs4_op_write (nfs4_op_write.c:487)
   by 0x4634F5: nfs4_Compound (nfs4_Compound.c:947)
   by 0x460155: nfs_rpc_process_request (nfs_worker_thread.c:1329)
   by 0x4608A3: nfs_rpc_valid_NFS (nfs_worker_thread.c:1539)
   by 0x488F12F: svc_vc_decode (svc_vc.c:825)

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list