Bug 772601

Summary: crash in 'quota_fgetxattr()' when 'name' is null
Product: [Community] GlusterFS
Reporter: Amar Tumballi <amarts>
Component: quota
Assignee: Amar Tumballi <amarts>
Status: CLOSED CURRENTRELEASE
QA Contact: Saurabh <saujain>
Severity: high
Priority: high
Version: mainline
CC: gluster-bugs, mzywusko, vraman
Hardware: Unspecified   
OS: All   
Fixed In Version: glusterfs-3.4.0
Doc Type: Bug Fix
Last Closed: 2013-07-24 17:44:12 UTC
Bug Blocks: 817967    

Description Amar Tumballi 2012-01-09 12:00:21 UTC
Description of problem:
Crash of the process when flistxattr() is issued (i.e., the key argument will be NULL).

Version-Release number of selected component (if applicable):
mainline

How reproducible:
Issue 'flistxattr()' on the mount point when quota is enabled.

Actual results: 'flistxattr()' segfaults

Expected results: work without any issues

Additional info:
Program terminated with signal 11, Segmentation fault.
#0  0x00000037ccf3d3f9 in __strcasecmp_l_ssse3 () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.14-5.x86_64 libgcc-4.6.1-9.fc15.x86_64
(gdb) bt
#0  0x00000037ccf3d3f9 in __strcasecmp_l_ssse3 () from /lib64/libc.so.6
#1  0x00007fbad81c4915 in quota_fgetxattr (frame=0x7fbadcd7406c, this=0x1045c60, fd=0x7fbacfe4004c, name=0x0) at ../../../../../xlators/features/quota/src/quota.c:2020
#2  0x00007fbade196aaa in default_fgetxattr (frame=0x7fbadcd730f8, this=0x1046f80, fd=0x7fbacfe4004c, name=0x0) at ../../../libglusterfs/src/defaults.c:828
#3  0x00007fbade196aaa in default_fgetxattr (frame=0x7fbadcd737b0, this=0x1048250, fd=0x7fbacfe4004c, name=0x0) at ../../../libglusterfs/src/defaults.c:828
#4  0x00007fbade196aaa in default_fgetxattr (frame=0x7fbadcd73bb8, this=0x10494f0, fd=0x7fbacfe4004c, name=0x0) at ../../../libglusterfs/src/defaults.c:828
#5  0x00007fbad3790304 in qr_fgetxattr (frame=0x7fbadcd73f14, this=0x104a660, fd=0x7fbacfe4004c, name=0x0) at ../../../../../xlators/performance/quick-read/src/quick-read.c:2144
#6  0x00007fbade196aaa in default_fgetxattr (frame=0x7fbadcd73e68, this=0x104ba00, fd=0x7fbacfe4004c, name=0x0) at ../../../libglusterfs/src/defaults.c:828
#7  0x00007fbad332f019 in io_stats_fgetxattr (frame=0x7fbadcd73658, this=0x104ccd0, fd=0x7fbacfe4004c, name=0x0) at ../../../../../xlators/debug/io-stats/src/io-stats.c:2257
#8  0x00007fbad3109074 in posix_acl_fgetxattr (frame=0x7fbadcd73250, this=0x104dfe0, fd=0x7fbacfe4004c, name=0x0) at ../../../../../xlators/system/posix-acl/src/posix-acl.c:1882
#9  0x00007fbadb1181a4 in fuse_listxattr_resume (state=0x7fbac8000f50) at ../../../../../xlators/mount/fuse/src/fuse-bridge.c:2874
#10 0x00007fbadb0fd9e1 in fuse_resolve_and_resume (state=0x7fbac8000f50, fn=0x7fbadb117bc7 <fuse_listxattr_resume>) at ../../../../../xlators/mount/fuse/src/fuse-resolve.c:754
#11 0x00007fbadb118ce8 in fuse_listxattr (this=0x1033e30, finh=0x7fbac8001930, msg=0x7fbac8001958) at ../../../../../xlators/mount/fuse/src/fuse-bridge.c:2926
#12 0x00007fbadb11d6c6 in fuse_thread_proc (data=0x1033e30) at ../../../../../xlators/mount/fuse/src/fuse-bridge.c:3589
#13 0x00000037cd207b31 in start_thread () from /lib64/libpthread.so.0
#14 0x00000037ccedfd2d in clone () from /lib64/libc.so.6
(gdb) up
#1  0x00007fbad81c4915 in quota_fgetxattr (frame=0x7fbadcd7406c, this=0x1045c60, fd=0x7fbacfe4004c, name=0x0) at ../../../../../xlators/features/quota/src/quota.c:2020
2020	        if (strcasecmp (name, "trusted.limit.list") == 0) {
(gdb) l
2015	quota_fgetxattr (call_frame_t *frame, xlator_t *this, fd_t *fd,
2016	                 const char *name)
2017	{
2018	        int32_t ret     = 0;
2019	
2020	        if (strcasecmp (name, "trusted.limit.list") == 0) {
2021	                ret = quota_send_dir_limit_to_cli (frame, this, fd->inode,
2022	                                                   name);

Need to check 'name' for NULL before using it in strcasecmp().
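
The guard the description asks for, as an added example (not GlusterFS source and not the merged patch): a constructed three-layer stack in which a list request arrives as fgetxattr with name == NULL, as in the backtrace. The layer struct, storage_fgetxattr, send_fgetxattr and the result codes are assumptions made for the illustration.

```c
/* Constructed model of the call chain in the backtrace; not GlusterFS source. */
#include <stdio.h>
#include <strings.h>

enum result { R_LIST_ALL, R_GET_KEY, R_QUOTA_LIMIT_LIST };

struct layer {
    enum result (*fgetxattr)(const struct layer *self, const char *name);
    const struct layer *next;
};

/* Pass-through layer: forwards the request unchanged, like default_fgetxattr. */
static enum result forward_fgetxattr(const struct layer *self, const char *name)
{
    return self->next->fgetxattr(self->next, name);
}

/* Bottom layer (hypothetical): a NULL name means "list every xattr". */
static enum result storage_fgetxattr(const struct layer *self, const char *name)
{
    (void)self;
    return name == NULL ? R_LIST_ALL : R_GET_KEY;
}

/* Quota layer with the guard. The line at quota.c:2020 in the listing called
 * strcasecmp(name, ...) with no NULL test, so a list request crashed here. */
static enum result quota_fgetxattr_guarded(const struct layer *self, const char *name)
{
    if (name != NULL && strcasecmp(name, "trusted.limit.list") == 0)
        return R_QUOTA_LIMIT_LIST;          /* answered by the quota layer */
    return forward_fgetxattr(self, name);   /* includes the NULL (list) case */
}

/* Build pass-through -> quota -> storage and send one request down the stack. */
enum result send_fgetxattr(const char *name)
{
    const struct layer storage = { storage_fgetxattr, NULL };
    const struct layer quota   = { quota_fgetxattr_guarded, &storage };
    const struct layer top     = { forward_fgetxattr, &quota };
    return top.fgetxattr(&top, name);
}

int main(void)
{
    /* flistxattr() reaches the stack as fgetxattr with name == NULL. */
    printf("list request   -> %d\n", send_fgetxattr(NULL));
    printf("limit-list key -> %d\n", send_fgetxattr("Trusted.Limit.List"));
    printf("ordinary key   -> %d\n", send_fgetxattr("user.comment"));
    return 0;
}
```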

Comment 1 Amar Tumballi 2012-02-14 07:01:41 UTC
Sent a patch: http://review.gluster.com/2743

Comment 2 Anand Avati 2012-02-14 10:43:32 UTC
CHANGE: http://review.gluster.com/2743 (features/quota: fix a crash in fgetxattr() by checking for NULL arg) merged in master by Vijay Bellur (vijay)

Comment 3 Amar Tumballi 2012-05-31 05:36:48 UTC
Tested using 'extras/test/test-ffop.c', by removing unlink(), and building GlusterFS source with the '-DGF_TEST_FFOP' flag. The crash happened with the earlier version (before the patch went in), and now on release-3.3 it doesn't crash.