[Gluster-devel] Stale state->fd->inode and race condition with fd_destroy()
Emmanuel Dreyfus
manu at netbsd.org
Sun Jul 3 09:27:28 UTC 2011
Emmanuel Dreyfus <manu at netbsd.org> wrote:
> Program terminated with signal 11, Segmentation fault.
Same problem here:
Program terminated with signal 11, Segmentation fault.
#0 0xba4cf88b in resolve_loc_touchup (frame=0xbad002f0)
    at ../../../../libglusterfs/src/mem-pool.h:127
Here it is:
    static inline
    char * gf_strdup (const char *src)
    {
            char *dup_str = NULL;
            size_t len = 0;
            len = strlen (src) + 1;
src is not a C string. We got there through resolve_loc_touchup():
    if (!path)
            path = gf_strdup (resolve->path);
And here is resolve, where path is NULL.
(gdb) print *((server_state_t *)frame->root->state)->resolve_now
$5 = {type = 0, fd_no = 18446744073709551615, ino = 0, gen = 0, par = 0,
gfid = '\0' <repeats 15 times>, pargfid = '\0' <repeats 15 times>,
path = 0x0, bname = 0x0, resolved = 0x0, op_ret = 0, op_errno = 0,
deep_loc = {path = 0x0, name = 0x0, ino = 0, inode = 0x0,
parent = 0x0}, components = 0x0, comp_count = 0}
Perhaps gf_strdup could return NULL when it gets a NULL string? This is
what strdup(3) does AFAIK. But I suspect that resolve_loc_touchup()
lacks a check for error for resolve->path being NULL.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu at netbsd.org
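
The two guards suggested in the message above, sketched as an added example that is not part of the original post and is not GlusterFS code. The names resolve_sketch, dup_or_null and touchup_path are hypothetical stand-ins, malloc() replaces the project's allocator, and the sample paths are constructed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the resolve structure: only the field used here. */
struct resolve_sketch {
    const char *path;   /* may be NULL, as in the gdb dump above */
};

/* NULL-tolerant duplicate: returns NULL for a NULL source or on allocation
 * failure, instead of handing NULL to strlen(). */
static char *dup_or_null(const char *src)
{
    size_t len;
    char *dup_str;

    if (src == NULL)
        return NULL;
    len = strlen(src) + 1;
    dup_str = malloc(len);
    if (dup_str == NULL)
        return NULL;
    memcpy(dup_str, src, len);
    return dup_str;
}

/* Caller-side check: report a missing path as an error rather than crash.
 * Returns 0 and sets *out on success, -EINVAL when there is no path to copy,
 * -ENOMEM when the copy could not be allocated. */
static int touchup_path(const struct resolve_sketch *resolve, char **out)
{
    *out = NULL;
    if (resolve == NULL || resolve->path == NULL)
        return -EINVAL;
    *out = dup_or_null(resolve->path);
    return *out ? 0 : -ENOMEM;
}

int main(void)
{
    struct resolve_sketch empty = { NULL };      /* constructed: path = 0x0 */
    struct resolve_sketch ok = { "/dir/file" };  /* constructed sample path */
    char *p = NULL;
    int rc_empty = touchup_path(&empty, &p);
    int rc_ok = touchup_path(&ok, &p);
    int good = rc_empty == -EINVAL && rc_ok == 0 && strcmp(p, "/dir/file") == 0;
    free(p);
    return good ? 0 : 1;
}
```

Distinct error codes let the caller tell a request that arrived without a path from an out-of-memory condition, which a bare NULL return from the duplicate alone would not.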