[Gluster-devel] buffer corruption in io-stats
Emmanuel Dreyfus
manu at netbsd.org
Sun May 13 08:27:20 UTC 2012
I get a reproducible SIGSEGV with sources from latest git. iosfd is
overwritten by the file path; it seems there is a confusion somewhere
between iosfd->filename pointer value and pointed buffer.
(gdb) bt
#1 0xbb92891b in free () from /lib/libc.so.12
#2 0xbbbb37a7 in __gf_free (free_ptr=0x74656e2f) at mem-pool.c:258
#3 0xb9a85378 in io_stats_release (this=0xba3e3000, fd=0xb8f9d098)
at io-stats.c:2420
#4 0xbbbafcc0 in fd_destroy (fd=0xb8f9d098) at fd.c:507
#5 0xbbbafdf8 in fd_unref (fd=0xb8f9d098) at fd.c:543
#6 0xbbbaf7cf in gf_fdptr_put (fdtable=0xbb77d070, fd=0xb8f9d098) at
fd.c:393
#7 0xbb821147 in fuse_release ()
from /usr/local/lib/glusterfs/3git/xlator/mount/fuse.so
#8 0xbb82a2e1 in fuse_thread_proc ()
from /usr/local/lib/glusterfs/3git/xlator/mount/fuse.so
(gdb) frame 3
#3 0xb9a85378 in io_stats_release (this=0xba3e3000, fd=0xb8f9d098)
at io-stats.c:2420
2420 GF_FREE (iosfd->filename);
(gdb) print *iosfd
$2 = {filename = 0x74656e2f <Address 0x74656e2f out of bounds>,
data_written = 3418922014271107938, data_read = 7813586423313035891,
block_count_write = {4788563690262784356, 3330756270057407571,
7074933154630937908, 28265, 0 <repeats 28 times>}, block_count_read
= { 0 <repeats 32 times>}, opened_at = {tv_sec = 1336897011, tv_usec
= 145734}}
(gdb) x/10s iosfd
0xbb70f800: "/netbsd/usr/src/tooldir.NetBSD-6.99.4-i386/bin"
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu at netbsd.org
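
Added example, not part of the original post or of the GlusterFS sources: re-serializing the field values gdb printed for *iosfd as little-endian bytes yields the same path that x/10s shows, which confirms the structure itself was overwritten by the string. The layout (a 4-byte filename pointer followed by unpadded 8-byte counters, i386 little-endian) and the names put_le and decode_iosfd are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Append the low `width` bytes of v to buf in little-endian order. */
static size_t put_le(unsigned char *buf, size_t off, uint64_t v, size_t width)
{
    for (size_t i = 0; i < width; i++)
        buf[off + i] = (unsigned char)(v >> (8 * i));
    return off + width;
}

/*
 * Rebuild the raw bytes at the start of *iosfd from the values gdb printed.
 * Assumed layout (i386, little-endian): 4-byte pointer, then 8-byte counters.
 * Returns the length of the NUL-terminated string found there, or -1 if
 * there is no terminator or `out` is too small.
 */
int decode_iosfd(char *out, size_t outlen)
{
    const uint32_t filename = 0x74656e2fu;   /* from "print *iosfd" */
    const uint64_t counters[] = {
        3418922014271107938ULL, /* data_written */
        7813586423313035891ULL, /* data_read */
        4788563690262784356ULL, /* block_count_write[0] */
        3330756270057407571ULL, /* block_count_write[1] */
        7074933154630937908ULL, /* block_count_write[2] */
        28265ULL,               /* block_count_write[3] */
    };
    unsigned char raw[4 + 6 * 8];
    size_t off = put_le(raw, 0, filename, 4);
    for (size_t i = 0; i < sizeof counters / sizeof counters[0]; i++)
        off = put_le(raw, off, counters[i], 8);

    const unsigned char *nul = memchr(raw, '\0', off);
    if (nul == NULL || (size_t)(nul - raw) >= outlen)
        return -1;
    memcpy(out, raw, (size_t)(nul - raw) + 1);
    return (int)(nul - raw);
}

int main(void)
{
    char path[64];
    int n = decode_iosfd(path, sizeof path);
    printf("%d bytes: %s\n", n, n >= 0 ? path : "(no string)");
    return 0;
}
```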