[Bugs] [Bug 1679169] New: Integer Overflow possible in md-cache.c due to data type inconsistency

bugzilla at redhat.com bugzilla at redhat.com
Wed Feb 20 14:09:24 UTC 2019 

https://bugzilla.redhat.com/show_bug.cgi?id=1679169

            Bug ID: 1679169
           Summary: Integer Overflow possible in md-cache.c due to data
                    type inconsistency
           Product: GlusterFS
           Version: 5
            Status: NEW
         Component: md-cache
          Keywords: Reopened
          Assignee: bugs at gluster.org
          Reporter: david.spisla at iternity.com
                CC: bugs at gluster.org
  Target Milestone: ---
    Classification: Community



+++ This bug was initially created as a clone of Bug #1678726 +++

Description of problem:

The 'struct md_cache' in md-cache.c uses int data types which are not in common
with the data types used in the 'struct iatt' in iatt.h . If one take a closer
look to the implementations one can see that the struct in md-cache.c uses
still the int data types like in the struct 'old_iatt' . This can lead to
unexpected side effects and some values of iatt maybe will not mapped
correctly. I would suggest to open a bug report. What do you think?

Additional info:

struct md_cache {
    ia_prot_t md_prot;
    uint32_t md_nlink;
    uint32_t md_uid;
    uint32_t md_gid;
    uint32_t md_atime;
    uint32_t md_atime_nsec;
    uint32_t md_mtime;
    uint32_t md_mtime_nsec;
    uint32_t md_ctime;
    uint32_t md_ctime_nsec;
    uint64_t md_rdev;
    uint64_t md_size;
    uint64_t md_blocks;
    uint64_t invalidation_time;
    uint64_t generation;
    dict_t *xattr;
    char *linkname;
    time_t ia_time;
    time_t xa_time;
    gf_boolean_t need_lookup;
    gf_boolean_t valid;
    gf_boolean_t gen_rollover;
    gf_boolean_t invalidation_rollover;
    gf_lock_t lock;
};

struct iatt {
    uint64_t ia_flags;
    uint64_t ia_ino;     /* inode number */
    uint64_t ia_dev;     /* backing device ID */
    uint64_t ia_rdev;    /* device ID (if special file) */
    uint64_t ia_size;    /* file size in bytes */
    uint32_t ia_nlink;   /* Link count */
    uint32_t ia_uid;     /* user ID of owner */
    uint32_t ia_gid;     /* group ID of owner */
    uint32_t ia_blksize; /* blocksize for filesystem I/O */
    uint64_t ia_blocks;  /* number of 512B blocks allocated */
    int64_t ia_atime;    /* last access time */
    int64_t ia_mtime;    /* last modification time */
    int64_t ia_ctime;    /* last status change time */
    int64_t ia_btime;    /* creation time. Fill using statx */
    uint32_t ia_atime_nsec;
    uint32_t ia_mtime_nsec;
    uint32_t ia_ctime_nsec;
    uint32_t ia_btime_nsec;
    uint64_t ia_attributes;      /* chattr related:compressed, immutable,
                                  * append only, encrypted etc.*/
    uint64_t ia_attributes_mask; /* Mask for the attributes */

    uuid_t ia_gfid;
    ia_type_t ia_type; /* type of file */
    ia_prot_t ia_prot; /* protection */
};

struct old_iatt {
    uint64_t ia_ino; /* inode number */
    uuid_t ia_gfid;
    uint64_t ia_dev;     /* backing device ID */
    ia_type_t ia_type;   /* type of file */
    ia_prot_t ia_prot;   /* protection */
    uint32_t ia_nlink;   /* Link count */
    uint32_t ia_uid;     /* user ID of owner */
    uint32_t ia_gid;     /* group ID of owner */
    uint64_t ia_rdev;    /* device ID (if special file) */
    uint64_t ia_size;    /* file size in bytes */
    uint32_t ia_blksize; /* blocksize for filesystem I/O */
    uint64_t ia_blocks;  /* number of 512B blocks allocated */
    uint32_t ia_atime;   /* last access time */
    uint32_t ia_atime_nsec;
    uint32_t ia_mtime; /* last modification time */
    uint32_t ia_mtime_nsec;
    uint32_t ia_ctime; /* last status change time */
    uint32_t ia_ctime_nsec;
};



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Worker Ant on 2019-02-19 14:06:34 UTC ---

REVIEW: https://review.gluster.org/22234 (md-cache: Adapt integer data types to
avoid integer overflow) posted (#1) for review on master by David Spisla

--- Additional comment from Worker Ant on 2019-02-20 12:14:08 UTC ---

REVIEW: https://review.gluster.org/22234 (md-cache: Adapt integer data types to
avoid integer overflow) merged (#3) on master by David Spisla

--- Additional comment from Worker Ant on 2019-02-20 14:01:16 UTC ---

REVIEW: https://review.gluster.org/22240 (md-cache: Adapt integer data types to
avoid integer overflow) posted (#1) for review on release-5 by David Spisla

--- Additional comment from Worker Ant on 2019-02-20 14:02:40 UTC ---

REVIEW: https://review.gluster.org/22241 (md-cache: Adapt integer data types to
avoid integer overflow) posted (#1) for review on release-6 by David Spisla

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list