Bug 1383593

Summary: glfs_realpath() should not return malloc()'d allocated memory
Product: [Community] GlusterFS
Component: libgfapi
Version: 3.7.15
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Niels de Vos <ndevos>
Assignee: Niels de Vos <ndevos>
QA Contact: Sudhir D <sdharane>
CC: bugs
Keywords: Triaged
Fixed In Version: glusterfs-3.7.17
Clone Of: 1370931
Bug Depends On: 1370931
Last Closed: 2016-11-16 10:52:08 UTC
Type: Bug

Description Niels de Vos 2016-10-11 07:31:48 UTC
+++ This bug was initially created as a clone of Bug #1370931 +++

Description of problem:
Very similar to how upcall events are allocated by gfapi and returned to the applications, glfs_realpath() uses malloc(). 

Version-Release number of selected component (if applicable):
all

How reproducible:
Compile an application that calls glfs_realpath() and have the function allocate the memory on behalf of the application. If the application uses a different memory allocator (i.e. jemalloc), free() will not work correctly and can cause segfaults.

Additional info:
See http://review.gluster.org/14701 for a more complete description.

--- Additional comment from Worker Ant on 2016-08-28 16:36:33 CEST ---

REVIEW: http://review.gluster.org/15332 (gfapi: warn when glfs_realpath() returned malloc'd memory) posted (#1) for review on master by Niels de Vos (ndevos)

--- Additional comment from Worker Ant on 2016-08-29 13:52:54 CEST ---

REVIEW: http://review.gluster.org/15332 (gfapi: warn when glfs_realpath() returned malloc'd memory) posted (#2) for review on master by Niels de Vos (ndevos)

--- Additional comment from Worker Ant on 2016-08-29 22:05:12 CEST ---

REVIEW: http://review.gluster.org/15332 (gfapi: warn when glfs_realpath() returned malloc'd memory) posted (#3) for review on master by Niels de Vos (ndevos)

--- Additional comment from Worker Ant on 2016-09-13 13:40:25 CEST ---

REVIEW: http://review.gluster.org/15332 (gfapi: warn when glfs_realpath() returned malloc'd memory) posted (#4) for review on master by Niels de Vos (ndevos)

--- Additional comment from Worker Ant on 2016-09-30 13:10:24 CEST ---

REVIEW: http://review.gluster.org/15332 (gfapi: warn when glfs_realpath() returned malloc'd memory) posted (#5) for review on master by Niels de Vos (ndevos)

--- Additional comment from Worker Ant on 2016-09-30 15:49:11 CEST ---

REVIEW: http://review.gluster.org/15332 (gfapi: warn when glfs_realpath() returned malloc'd memory) posted (#6) for review on master by Niels de Vos (ndevos)

--- Additional comment from Worker Ant on 2016-10-10 15:33:38 CEST ---

REVIEW: http://review.gluster.org/15332 (gfapi: warn when glfs_realpath() returned malloc'd memory) posted (#7) for review on master by Niels de Vos (ndevos)

--- Additional comment from Worker Ant on 2016-10-11 09:14:04 CEST ---

COMMIT: http://review.gluster.org/15332 committed in master by Niels de Vos (ndevos) 
------
commit 85e959052148ec481823d55c8b91cdee36da2b43
Author: Niels de Vos <ndevos>
Date:   Tue Sep 13 09:03:56 2016 +0200

    gfapi: warn when glfs_realpath() returned malloc'd memory
    
    glfs_realpath() may return memory allocated with malloc(). Depending on
    the memory allocator that the application uses, calling free() on the
    returned string can cause segmentation faults or other problems.
    
    Functions that allocate memory, need to match the free'ing of the same
    memory allocator and memory accounting. glibc/malloc and jemalloc/free
    do not match together (other allocators could probably trigger these
    problems as well).
    
    Applications need to provide a pre-allocated buffer, or in case
    glfs_realpath() allocates the memory, glfs_free() should be used to free
    it.
    
    Change-Id: I5d721a7425674aa700db8a7a436cbedb95a5927f
    BUG: 1370931
    Signed-off-by: Niels de Vos <ndevos>
    Reviewed-on: http://review.gluster.org/15332
    CentOS-regression: Gluster Build System <jenkins.org>
    Smoke: Gluster Build System <jenkins.org>
    NetBSD-regression: NetBSD Build System <jenkins.org>
    Reviewed-by: Kaleb KEITHLEY <kkeithle>

Comment 1 Worker Ant 2016-10-12 10:45:04 UTC
REVIEW: http://review.gluster.org/15628 (gfapi: warn when glfs_realpath() returned malloc'd memory) posted (#1) for review on release-3.7 by Niels de Vos (ndevos)

Comment 2 Worker Ant 2016-10-28 11:40:13 UTC
COMMIT: http://review.gluster.org/15628 committed in release-3.7 by Kaleb KEITHLEY (kkeithle) 
------
commit fbeefb873a1b9103e1c6449b64c172aa4654addd
Author: Niels de Vos <ndevos>
Date:   Wed Oct 12 12:44:13 2016 +0200

    gfapi: warn when glfs_realpath() returned malloc'd memory
    
    glfs_realpath() may return memory allocated with malloc(). Depending on
    the memory allocator that the application uses, calling free() on the
    returned string can cause segmentation faults or other problems.
    
    Functions that allocate memory, need to match the free'ing of the same
    memory allocator and memory accounting. glibc/malloc and jemalloc/free
    do not match together (other allocators could probably trigger these
    problems as well).
    
    Applications need to provide a pre-allocated buffer, or in case
    glfs_realpath() allocates the memory, glfs_free() should be used to free
    it.
    
    Cherry picked from commit 85e959052148ec481823d55c8b91cdee36da2b43:
    > Change-Id: I5d721a7425674aa700db8a7a436cbedb95a5927f
    > BUG: 1370931
    > Signed-off-by: Niels de Vos <ndevos>
    > Reviewed-on: http://review.gluster.org/15332
    > CentOS-regression: Gluster Build System <jenkins.org>
    > Smoke: Gluster Build System <jenkins.org>
    > NetBSD-regression: NetBSD Build System <jenkins.org>
    > Reviewed-by: Kaleb KEITHLEY <kkeithle>
    
    Change-Id: I5d721a7425674aa700db8a7a436cbedb95a5927f
    BUG: 1383593
    Signed-off-by: Niels de Vos <ndevos>
    Reviewed-on: http://review.gluster.org/15628
    Smoke: Gluster Build System <jenkins.org>
    NetBSD-regression: NetBSD Build System <jenkins.org>
    CentOS-regression: Gluster Build System <jenkins.org>
    Reviewed-by: Kaleb KEITHLEY <kkeithle>
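
The ownership rule from the commit message above, as an added example that is not code from GlusterFS or from this bug report: a self-contained C model showing both safe calling patterns (caller-supplied buffer, or library-allocated memory released through the library's own call) and a release function that refuses pointers it did not hand out. `demo_realpath()`, `demo_free()` and `DEMO_PATH_MAX` are hypothetical stand-ins for `glfs_realpath()`, `glfs_free()` and `PATH_MAX`, and path resolution is reduced to collapsing repeated slashes.

```c
#include <stdlib.h>
#include <string.h>
#define DEMO_PATH_MAX 4096              /* assumed size, stands in for PATH_MAX */
#define DEMO_MAX_LIVE 16
static void *demo_live[DEMO_MAX_LIVE];  /* buffers this library handed out */

/* Library-side allocation, recorded so demo_free() can recognise it later. */
static char *demo_alloc(size_t n)
{
    for (int i = 0; i < DEMO_MAX_LIVE; i++)
        if (demo_live[i] == NULL)
            return demo_live[i] = malloc(n);
    return NULL;                        /* table full */
}

/* Matching release call: 0 if ptr is library-owned, -1 (and no free()) if not. */
int demo_free(void *ptr)
{
    for (int i = 0; ptr != NULL && i < DEMO_MAX_LIVE; i++)
        if (demo_live[i] == ptr) {
            demo_live[i] = NULL;
            free(ptr);
            return 0;
        }
    return -1;
}

/* realpath(3)-style contract: fill `resolved` (caller-owned, DEMO_PATH_MAX bytes)
 * if given, else return library-owned memory. Stand-in resolution: collapse "//". */
char *demo_realpath(const char *path, char *resolved)
{
    size_t len = strlen(path), j = 0;
    if (len == 0 || len >= DEMO_PATH_MAX)
        return NULL;
    char *out = resolved ? resolved : demo_alloc(len + 1);
    for (size_t i = 0; out != NULL && i < len; i++)
        if (path[i] != '/' || j == 0 || out[j - 1] != '/')
            out[j++] = path[i];
    if (out != NULL)
        out[j] = '\0';
    return out;
}

int main(void)
{
    char buf[DEMO_PATH_MAX];                     /* caller-owned: nothing to free */
    char *p = demo_realpath("/vol//dir", NULL);  /* library-owned: never free(p) */
    return demo_realpath("/vol//dir", buf) != buf || demo_free(p) != 0;
}
```
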

Comment 3 Samikshan Bairagya 2016-11-16 10:52:08 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.17, please open a new bug report.

glusterfs-3.7.17 has been announced on the Gluster mailing lists [1]; packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] http://www.gluster.org/pipermail/gluster-devel/2016-November/051414.html
[2] https://www.gluster.org/pipermail/gluster-users/