[Gluster-devel] NetBSD AFR regression

Venky Shankar yknev.shankar at gmail.com
Mon Mar 23 17:39:46 UTC 2015


There are other instances where "iobuf_arena->page_size" is used in
iobuf.c and there are about a dozen callers for iobuf_size(). There
needs to be something fishy about the call in the patch you mention to
trigger the overrun.



On Mon, Mar 23, 2015 at 10:59 PM, Emmanuel Dreyfus <manu at netbsd.org> wrote:
> On Mon, Mar 23, 2015 at 01:51:07PM +0100, Emmanuel Dreyfus wrote:
>> I have run out of smart ideas, and now I am going to start from older
>> master and add commits to find the offending one. Any better idea is
>> welcome.
>
> git bisect points a finger to this change:
> http://review.gluster.org/9708/
>
> In the patch I find this:
> +                iov.iov_len  = iobuf_size (iobuf)
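Review bot: the added line takes iov.iov_len from iobuf_size (iobuf), which per the snippet quoted just below returns iobuf_arena->page_size, the arena's page size rather than the number of bytes backing this buffer. For a buffer from iobuf_create_stdalloc_arena() that value is 0x7fffffff, so the length should come from the size actually requested or filled, or be capped to it, before the iovec is handed on.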
>
> iobuf_size() contains:
>         size = iobuf->iobuf_arena->page_size;
>
> and in iobuf_create_stdalloc_arena():
>         iobuf_arena->page_size = 0x7fffffff;
>
> Am I wrong, or is that a good recipe for an overrun?
>
>
>
> --
> Emmanuel Dreyfus
> manu at netbsd.org
> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel at gluster.org
> http://www.gluster.org/mailman/listinfo/gluster-devel
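The mismatch questioned in this thread, reduced to a stand-alone C model (an added example, not part of the original messages and not GlusterFS code). The struct layouts, the `alloc_len` field and the `model_*` / `check_buffer` names are assumptions made for illustration; the block compares an `iov_len` taken from the arena's `page_size` with one capped to the memory actually allocated.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/uio.h>

/* Simplified stand-ins for the structures named in the thread
 * (hypothetical layout, not the GlusterFS definitions). */
struct arena_model { size_t page_size; };
struct iobuf_model {
    struct arena_model *arena;
    void *ptr;
    size_t alloc_len;              /* assumption: bytes really backing ptr */
};

/* Mirrors the quoted iobuf_size(): reports the arena page size. */
static size_t model_iobuf_size(const struct iobuf_model *b)
{
    return b->arena->page_size;
}

/* Hypothetical hardened length: never larger than the backing memory. */
static size_t model_iobuf_usable(const struct iobuf_model *b)
{
    size_t page = b->arena->page_size;
    return page < b->alloc_len ? page : b->alloc_len;
}

/* Build an iovec both ways for a `want`-byte buffer from an arena with the
 * given page size. Bit 0: page_size-based iov_len fits the allocation.
 * Bit 1: capped iov_len fits. Returns -1 if allocation fails. */
static int check_buffer(size_t page_size, size_t want)
{
    struct arena_model arena = { page_size };
    struct iobuf_model b = { &arena, calloc(1, want), want };
    if (b.ptr == NULL)
        return -1;
    struct iovec naive  = { .iov_base = b.ptr, .iov_len = model_iobuf_size(&b) };
    struct iovec capped = { .iov_base = b.ptr, .iov_len = model_iobuf_usable(&b) };
    int ok = (naive.iov_len <= b.alloc_len) | ((capped.iov_len <= b.alloc_len) << 1);
    free(b.ptr);
    return ok;
}

int main(void)
{
    printf("pooled arena:   %d\n", check_buffer(128, 128));
    printf("stdalloc arena: %d\n", check_buffer(0x7fffffff, 200000));
    return 0;
}
```

A result with bit 0 clear means any consumer that trusts `iov_len` would be told it may touch memory past the end of the allocation.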

