| Summary: | cli: memory corruption in add-brick and create volume parsing functions | ||
|---|---|---|---|
| Product: | [Community] GlusterFS | Reporter: | Pranith Kumar K <pkarampu> |
| Component: | cli | Assignee: | Pranith Kumar K <pkarampu> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | 3.1-alpha | CC: | gluster-bugs, rabhat |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Description
Anand Avati
2010-11-16 04:46:06 UTC

copied the bricks into dynamic memory to fix the bug. In parsing functions of both create volume and add-brick there is a dict_set_str of a local string which will not be valid when the function returns.

Corruption is fixed. Checked with the latest git (26cedae57d5b7cb8d50ed077ce29c92e30d6e260). This is the valgrind output from 3.1.0 pointing to the corruption,

CREATE:

```
==8821== Memcheck, a memory error detector
==8821== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==8821== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==8821== Command: gluster volume create vol replica 2 bigbang:/d/glusterfs/export/export bigbang:/e/glusterfs/export/export
==8821== Parent PID: 8792
==8821==
==8821== Thread 3:
==8821== Invalid read of size 1
==8821==    at 0x4C29F00: memcpy (mc_replace_strmem.c:497)
==8821==    by 0x4E43FFA: _dict_serialize (dict.c:2406)
==8821==    by 0x4E44A93: dict_allocate_and_serialize (dict.c:2654)
==8821==    by 0x40F2DF: gf_cli3_1_create_volume (cli3_1-cops.c:1530)
==8821==    by 0x409A78: cli_cmd_volume_create_cbk (cli-cmd-volume.c:218)
==8821==    by 0x40854F: cli_cmd_process (cli-cmd.c:114)
==8821==    by 0x408082: cli_batch (input.c:44)
==8821==    by 0x5B609C9: start_thread (pthread_create.c:300)
==8821==    by 0x891A70F: ???
==8821==  Address 0x88fc8c0 is not stack'd, malloc'd or (recently) free'd
==8821==
==8821== Invalid read of size 1
==8821==    at 0x4C29F07: memcpy (mc_replace_strmem.c:497)
==8821==    by 0x4E43FFA: _dict_serialize (dict.c:2406)
==8821==    by 0x4E44A93: dict_allocate_and_serialize (dict.c:2654)
==8821==    by 0x40F2DF: gf_cli3_1_create_volume (cli3_1-cops.c:1530)
==8821==    by 0x409A78: cli_cmd_volume_create_cbk (cli-cmd-volume.c:218)
==8821==    by 0x40854F: cli_cmd_process (cli-cmd.c:114)
==8821==    by 0x408082: cli_batch (input.c:44)
==8821==    by 0x5B609C9: start_thread (pthread_create.c:300)
==8821==    by 0x891A70F: ???
==8821==  Address 0x88fc8c1 is not stack'd, malloc'd or (recently) free'd
==8821==
==8821== Invalid read of size 1
==8821==    at 0x4C29F10: memcpy (mc_replace_strmem.c:497)
==8821==    by 0x4E43FFA: _dict_serialize (dict.c:2406)
==8821==    by 0x4E44A93: dict_allocate_and_serialize (dict.c:2654)
==8821==    by 0x40F2DF: gf_cli3_1_create_volume (cli3_1-cops.c:1530)
==8821==    by 0x409A78: cli_cmd_volume_create_cbk (cli-cmd-volume.c:218)
==8821==    by 0x40854F: cli_cmd_process (cli-cmd.c:114)
==8821==    by 0x408082: cli_batch (input.c:44)
==8821==    by 0x5B609C9: start_thread (pthread_create.c:300)
==8821==    by 0x891A70F: ???
==8821==  Address 0x88fc8c2 is not stack'd, malloc'd or (recently) free'd
==8821==
==8821== Invalid read of size 1
==8821==    at 0x4C29F19: memcpy (mc_replace_strmem.c:497)
==8821==    by 0x4E43FFA: _dict_serialize (dict.c:2406)
==8821==    by 0x4E44A93: dict_allocate_and_serialize (dict.c:2654)
==8821==    by 0x40F2DF: gf_cli3_1_create_volume (cli3_1-cops.c:1530)
==8821==    by 0x409A78: cli_cmd_volume_create_cbk (cli-cmd-volume.c:218)
==8821==    by 0x40854F: cli_cmd_process (cli-cmd.c:114)
==8821==    by 0x408082: cli_batch (input.c:44)
==8821==    by 0x5B609C9: start_thread (pthread_create.c:300)
==8821==    by 0x891A70F: ???
==8821==  Address 0x88fc8c3 is not stack'd, malloc'd or (recently) free'd
==8821==
==8821==
==8821== HEAP SUMMARY:
==8821==     in use at exit: 8,352,904 bytes in 416 blocks
==8821==   total heap usage: 512 allocs, 96 frees, 8,363,487 bytes allocated
==8821==
==8821== Thread 1:
```

ADD_BRICK:

```
==8836== Memcheck, a memory error detector
==8836== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==8836== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==8836== Command: gluster volume add-brick vol bigbang:/d/glusterfs/export/export1 bigbang:/e/glusterfs/export/export1
==8836== Parent PID: 8792
==8836==
==8836== Thread 3:
==8836== Invalid read of size 1
==8836==    at 0x4C29F00: memcpy (mc_replace_strmem.c:497)
==8836==    by 0x4E43FFA: _dict_serialize (dict.c:2406)
==8836==    by 0x4E44A93: dict_allocate_and_serialize (dict.c:2654)
==8836==    by 0x41001B: gf_cli3_1_add_brick (cli3_1-cops.c:1863)
==8836==    by 0x40A645: cli_cmd_volume_add_brick_cbk (cli-cmd-volume.c:602)
==8836==    by 0x40854F: cli_cmd_process (cli-cmd.c:114)
==8836==    by 0x408082: cli_batch (input.c:44)
==8836==    by 0x5B609C9: start_thread (pthread_create.c:300)
==8836==    by 0x891A70F: ???
==8836==  Address 0x88fc8b0 is not stack'd, malloc'd or (recently) free'd
==8836==
==8836== Invalid read of size 1
==8836==    at 0x4C29F07: memcpy (mc_replace_strmem.c:497)
==8836==    by 0x4E43FFA: _dict_serialize (dict.c:2406)
==8836==    by 0x4E44A93: dict_allocate_and_serialize (dict.c:2654)
==8836==    by 0x41001B: gf_cli3_1_add_brick (cli3_1-cops.c:1863)
==8836==    by 0x40A645: cli_cmd_volume_add_brick_cbk (cli-cmd-volume.c:602)
==8836==    by 0x40854F: cli_cmd_process (cli-cmd.c:114)
==8836==    by 0x408082: cli_batch (input.c:44)
==8836==    by 0x5B609C9: start_thread (pthread_create.c:300)
==8836==    by 0x891A70F: ???
==8836==  Address 0x88fc8b1 is not stack'd, malloc'd or (recently) free'd
==8836==
==8836== Invalid read of size 1
==8836==    at 0x4C29F10: memcpy (mc_replace_strmem.c:497)
==8836==    by 0x4E43FFA: _dict_serialize (dict.c:2406)
==8836==    by 0x4E44A93: dict_allocate_and_serialize (dict.c:2654)
==8836==    by 0x41001B: gf_cli3_1_add_brick (cli3_1-cops.c:1863)
==8836==    by 0x40A645: cli_cmd_volume_add_brick_cbk (cli-cmd-volume.c:602)
==8836==    by 0x40854F: cli_cmd_process (cli-cmd.c:114)
==8836==    by 0x408082: cli_batch (input.c:44)
==8836==    by 0x5B609C9: start_thread (pthread_create.c:300)
==8836==    by 0x891A70F: ???
==8836==  Address 0x88fc8b2 is not stack'd, malloc'd or (recently) free'd
==8836==
==8836== Invalid read of size 1
==8836==    at 0x4C29F19: memcpy (mc_replace_strmem.c:497)
==8836==    by 0x4E43FFA: _dict_serialize (dict.c:2406)
==8836==    by 0x4E44A93: dict_allocate_and_serialize (dict.c:2654)
==8836==    by 0x41001B: gf_cli3_1_add_brick (cli3_1-cops.c:1863)
==8836==    by 0x40A645: cli_cmd_volume_add_brick_cbk (cli-cmd-volume.c:602)
==8836==    by 0x40854F: cli_cmd_process (cli-cmd.c:114)
==8836==    by 0x408082: cli_batch (input.c:44)
==8836==    by 0x5B609C9: start_thread (pthread_create.c:300)
==8836==    by 0x891A70F: ???
==8836==  Address 0x88fc8b3 is not stack'd, malloc'd or (recently) free'd
==8836==
==8836== Invalid read of size 1
==8836==    at 0x4C29F60: memcpy (mc_replace_strmem.c:497)
==8836==    by 0x4E43FFA: _dict_serialize (dict.c:2406)
==8836==    by 0x4E44A93: dict_allocate_and_serialize (dict.c:2654)
==8836==    by 0x41001B: gf_cli3_1_add_brick (cli3_1-cops.c:1863)
==8836==    by 0x40A645: cli_cmd_volume_add_brick_cbk (cli-cmd-volume.c:602)
==8836==    by 0x40854F: cli_cmd_process (cli-cmd.c:114)
==8836==    by 0x408082: cli_batch (input.c:44)
==8836==    by 0x5B609C9: start_thread (pthread_create.c:300)
==8836==    by 0x891A70F: ???
==8836==  Address 0x88fc8f8 is not stack'd, malloc'd or (recently) free'd
==8836==
==8836==
==8836== HEAP SUMMARY:
==8836==     in use at exit: 8,352,304 bytes in 404 blocks
==8836==   total heap usage: 499 allocs, 95 frees, 8,362,798 bytes allocated
```

This is the valgrind output for latest git:

CREATE:

```
==12528== Memcheck, a memory error detector
==12528== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==12528== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==12528== Command: gluster volume create vol replica 2 bigbang:/d/glusterfs/export/export bigbang:/e/glusterfs/export/export
==12528== Parent PID: 12503
==12528==
==12528==
==12528== HEAP SUMMARY:
==12528==     in use at exit: 8,348,951 bytes in 423 blocks
==12528==   total heap usage: 527 allocs, 104 frees, 8,360,026 bytes allocated
```

ADD_BRICK:

```
==12543== Memcheck, a memory error detector
==12543== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==12543== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==12543== Command: gluster volume add-brick vol bigbang:/d/glusterfs/export/export1 bigbang:/e/glusterfs/export/export1
==12543== Parent PID: 12503
==12543==
==12543==
==12543== HEAP SUMMARY:
==12543==     in use at exit: 8,348,076 bytes in 390 blocks
==12543==   total heap usage: 510 allocs, 120 frees, 8,359,578 bytes allocated
```

In the latest git there are no invalid read logs indicating no corruption.

PATCH: http://patches.gluster.com/patch/6229 in master (free the tokens obtained from the cli)
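
The lifetime bug this report describes, as an added C example that is not GlusterFS code and not part of the original report. `toy_dict`, `set_str`, `set_dynstr` and the static `frame` buffer are hypothetical stand-ins; `frame` models the parser's local string so that the stale read at serialize time is deterministic instead of undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Toy one-entry dict (hypothetical stand-in, not libglusterfs). set_str()
 * keeps the caller's pointer; set_dynstr() takes ownership of a heap string. */
struct toy_dict { const char *value; char *owned; };
static void set_str(struct toy_dict *d, const char *s) { d->value = s; }
static void set_dynstr(struct toy_dict *d, char *heap) { d->value = d->owned = heap; }
/* Stands in for the parser's stack frame so the demo stays well-defined. */
static char frame[256];
static char *join_bricks(const char **bricks, int n)
{
    frame[0] = '\0';
    for (int i = 0; i < n; i++)
        snprintf(frame + strlen(frame), sizeof frame - strlen(frame), "%s ", bricks[i]);
    return frame;
}

/* Before: the dict keeps a pointer into the parser's temporary buffer. */
static int parse_borrowed(struct toy_dict *d, const char **bricks, int n)
{ set_str(d, join_bricks(bricks, n)); return 0; }

/* After: the bricks are copied into dynamic memory before the dict gets them. */
static int parse_owned(struct toy_dict *d, const char **bricks, int n)
{
    size_t len = strlen(join_bricks(bricks, n)) + 1;
    char *copy = malloc(len);
    if (!copy) return -1;
    memcpy(copy, frame, len);
    set_dynstr(d, copy);
    return 0;
}

/* Returns 1 if the value still equals `expect` after the frame is reused. */
static int survives(int owned, const char **bricks, int n, const char *expect)
{
    struct toy_dict d = {0};
    if ((owned ? parse_owned : parse_borrowed)(&d, bricks, n)) return -1;
    memset(frame, 'X', sizeof frame - 1);   /* frame reused after return */
    int ok = strcmp(d.value, expect) == 0;  /* the "serialize" read */
    free(d.owned);
    return ok;
}
int main(void)
{
    const char *b[] = { "host1:/export/a", "host2:/export/b" };  /* constructed */
    const char *want = "host1:/export/a host2:/export/b ";
    printf("borrowed=%d owned=%d\n", survives(0, b, 2, want), survives(1, b, 2, want));
    return 0;
}
```

In the real CLI the stale pointer referred to a dead stack frame, which is why Memcheck reported the reads in `_dict_serialize` as touching an address that is "not stack'd, malloc'd or (recently) free'd".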