[Bugs] [Bug 1680020] New: Integer Overflow possible in md-cache.c due to data type inconsistency

bugzilla at redhat.com bugzilla at redhat.com
Fri Feb 22 14:46:20 UTC 2019


https://bugzilla.redhat.com/show_bug.cgi?id=1680020

            Bug ID: 1680020
           Summary: Integer Overflow possible in md-cache.c due to data
                    type inconsistency
           Product: GlusterFS
           Version: 6
            Status: NEW
         Component: md-cache
          Keywords: Reopened
          Assignee: bugs at gluster.org
          Reporter: srangana at redhat.com
                CC: bugs at gluster.org, david.spisla at iternity.com,
                    pasik at iki.fi
        Depends On: 1678726
  Target Milestone: ---
    Classification: Community



+++ This bug was initially created as a clone of Bug #1678726 +++

Description of problem:

The 'struct md_cache' in md-cache.c uses int data types which are not in common
with the data types used in the 'struct iatt' in iatt.h. If one takes a closer
look at the implementations, one can see that the struct in md-cache.c still
uses the int data types like in the struct 'old_iatt'. This can lead to
unexpected side effects, and some values of iatt may not be mapped
correctly. I would suggest opening a bug report. What do you think?

Additional info:

struct md_cache {
    ia_prot_t md_prot;
    uint32_t md_nlink;
    uint32_t md_uid;
    uint32_t md_gid;
    uint32_t md_atime;
    uint32_t md_atime_nsec;
    uint32_t md_mtime;
    uint32_t md_mtime_nsec;
    uint32_t md_ctime;
    uint32_t md_ctime_nsec;
    uint64_t md_rdev;
    uint64_t md_size;
    uint64_t md_blocks;
    uint64_t invalidation_time;
    uint64_t generation;
    dict_t *xattr;
    char *linkname;
    time_t ia_time;
    time_t xa_time;
    gf_boolean_t need_lookup;
    gf_boolean_t valid;
    gf_boolean_t gen_rollover;
    gf_boolean_t invalidation_rollover;
    gf_lock_t lock;
};

struct iatt {
    uint64_t ia_flags;
    uint64_t ia_ino;     /* inode number */
    uint64_t ia_dev;     /* backing device ID */
    uint64_t ia_rdev;    /* device ID (if special file) */
    uint64_t ia_size;    /* file size in bytes */
    uint32_t ia_nlink;   /* Link count */
    uint32_t ia_uid;     /* user ID of owner */
    uint32_t ia_gid;     /* group ID of owner */
    uint32_t ia_blksize; /* blocksize for filesystem I/O */
    uint64_t ia_blocks;  /* number of 512B blocks allocated */
    int64_t ia_atime;    /* last access time */
    int64_t ia_mtime;    /* last modification time */
    int64_t ia_ctime;    /* last status change time */
    int64_t ia_btime;    /* creation time. Fill using statx */
    uint32_t ia_atime_nsec;
    uint32_t ia_mtime_nsec;
    uint32_t ia_ctime_nsec;
    uint32_t ia_btime_nsec;
    uint64_t ia_attributes;      /* chattr related:compressed, immutable,
                                  * append only, encrypted etc.*/
    uint64_t ia_attributes_mask; /* Mask for the attributes */

    uuid_t ia_gfid;
    ia_type_t ia_type; /* type of file */
    ia_prot_t ia_prot; /* protection */
};

struct old_iatt {
    uint64_t ia_ino; /* inode number */
    uuid_t ia_gfid;
    uint64_t ia_dev;     /* backing device ID */
    ia_type_t ia_type;   /* type of file */
    ia_prot_t ia_prot;   /* protection */
    uint32_t ia_nlink;   /* Link count */
    uint32_t ia_uid;     /* user ID of owner */
    uint32_t ia_gid;     /* group ID of owner */
    uint64_t ia_rdev;    /* device ID (if special file) */
    uint64_t ia_size;    /* file size in bytes */
    uint32_t ia_blksize; /* blocksize for filesystem I/O */
    uint64_t ia_blocks;  /* number of 512B blocks allocated */
    uint32_t ia_atime;   /* last access time */
    uint32_t ia_atime_nsec;
    uint32_t ia_mtime; /* last modification time */
    uint32_t ia_mtime_nsec;
    uint32_t ia_ctime; /* last status change time */
    uint32_t ia_ctime_nsec;
};


Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1678726
[Bug 1678726] Integer Overflow possible in md-cache.c due to data type
inconsistency
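
The width mismatch listed in the report, worked through as an added example (not code from the report or from GlusterFS): a 64-bit ia_atime is stored in a 32-bit md_atime and read back. The reduced structs, the helper names cache_round_trip and fits_cache_field, and the sample values are assumptions made for illustration; the report itself does not show the assignment code.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Reduced stand-ins for the structs quoted in the report: only the
 * atime field is kept, with the width the report lists for each. */
struct iatt_time { int64_t ia_atime; };  /* width in struct iatt */
struct mdc_time { uint32_t md_atime; };  /* width in struct md_cache */

/* Hypothetical helper: store a 64-bit time in the 32-bit cache field
 * and read it back, as a cache fill followed by a cache hit would. */
int64_t cache_round_trip(int64_t ia_atime)
{
    struct mdc_time mdc;
    mdc.md_atime = (uint32_t)ia_atime; /* keeps only the low 32 bits */
    return (int64_t)mdc.md_atime;      /* zero-extended on the way back */
}

/* Hypothetical check: 1 if the value survives the narrowing, else 0. */
int fits_cache_field(int64_t ia_atime)
{
    return ia_atime >= 0 && ia_atime <= (int64_t)UINT32_MAX;
}

int main(void)
{
    /* Constructed sample values. */
    const int64_t samples[] = {
        INT64_C(1550846780), /* a 2019 timestamp, fits in 32 bits */
        INT64_C(4294967296), /* 2^32: first value past the uint32_t range */
        INT64_C(-1),         /* one second before the epoch */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int64_t out = cache_round_trip(samples[i]);
        printf("%" PRId64 " -> %" PRId64 " (%s)\n", samples[i], out,
               fits_cache_field(samples[i]) ? "preserved" : "changed");
    }
    return 0;
}
```

Values outside 0..UINT32_MAX come back as a different, still plausible-looking timestamp, so the mismatch does not surface as an error at the point of the store.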