
Bug 1235904

Summary: fgetxattr() crashes when key name is NULL
Product: [Community] GlusterFS
Reporter: Prashanth Pai <ppai>
Component: posix
Assignee: Prashanth Pai <ppai>
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: medium
Version: 3.7.2
CC: bugs, gluster-bugs
Fixed In Version: glusterfs-3.7.3
Doc Type: Bug Fix
Last Closed: 2015-07-30 09:50:34 UTC
Type: Bug
Bug Blocks: 1233025

Description Prashanth Pai 2015-06-26 04:41:35 UTC
Description of problem:

fgetxattr() crashes when key name is NULL

Version-Release number of selected component (if applicable):
3.7.x branch

This is used to get the size of xattr list (to later allocate buffer):
glfs_flistxattr(glfd, NULL, 0);
glfs_flistxattr() internally has the following call:
syncop_fgetxattr (subvol, fd, &xattr, NULL, NULL, NULL);
strncmp() segfaults as name is NULL in posix_fgetxattr()

Actual results:
SEGFAULT

Expected results:
No crash

Additional info:
This coverity fix that's in master was missed (not backported) from 3.7.x branch.

Comment 1 Prashanth Pai 2015-06-26 05:33:56 UTC
http://review.gluster.org/#/c/11213/

Comment 2 Anand Avati 2015-06-26 10:43:44 UTC
COMMIT: http://review.gluster.org/11213 committed in release-3.7 by Raghavendra Bhat (raghavendra) 
------
commit 1da4ba883721e1613c4a0685e0fdd177a55eb07e
Author: Prashanth Pai <ppai>
Date:   Sun Jun 14 16:40:58 2015 +0530

    posix: Fix fgetxattr() crash when key name is NULL
    
    This is used to get the size of xattr list (to later allocate buffer):
    glfs_flistxattr(glfd, NULL, 0);
    
    glfs_flistxattr() internally has the following call:
    syncop_fgetxattr (subvol, fd, &xattr, NULL, NULL, NULL);
    
    strncmp() segfaults as name is NULL in posix_fgetxattr()
    
    Turns out this was a coverity fix in master branch that was not
    backported to 3.7.x tree.
    http://review.gluster.org/#/c/10252/
    
    BUG: 1235904
    Change-Id: I2ec4715f1ea2f0e9c5314b2dc358bc01ad7b7d45
    Signed-off-by: Prashanth Pai <ppai>
    Reviewed-on: http://review.gluster.org/11213
    Reviewed-by: Raghavendra Talur <rtalur>
    Tested-by: Gluster Build System <jenkins.com>
    Reviewed-by: Raghavendra Bhat <raghavendra>
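
An added illustration of the failure mode in this report (not GlusterFS code and not from the reporter): a toy lookup in which a NULL name means "list all keys", with the NULL check placed before strncmp(). The function toy_fgetxattr, the key prefix and the sample attributes are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define VIRT_PREFIX "virt.fdcount" /* hypothetical virtual key */
struct xattr { const char *key, *val; };
/* Constructed sample attributes; not GlusterFS data. */
static const struct xattr store[] = {
    { "user.comment", "hello" }, { "user.owner", "ppai" },
};
#define NSTORE (sizeof(store) / sizeof(store[0]))

/* Copy len bytes out, or just report len when the caller probes for size. */
static ssize_t copy_out(const void *src, size_t len, char *buf, size_t size)
{
    if (buf == NULL || size == 0)
        return (ssize_t)len;
    if (len > size)
        return -1;                 /* caller's buffer too small */
    memcpy(buf, src, len);
    return (ssize_t)len;
}

/* name == NULL is a valid "list all keys" request, as in the report. */
ssize_t toy_fgetxattr(const char *name, char *buf, size_t size)
{
    char list[256];
    size_t off = 0, i;

    /* Guard first: strncmp(NULL, ...) is the crash the bug describes. */
    if (name && strncmp(name, VIRT_PREFIX, strlen(VIRT_PREFIX)) == 0)
        return copy_out("1", 1, buf, size);
    if (name == NULL) {            /* build key1\0key2\0... */
        for (i = 0; i < NSTORE; i++) {
            size_t klen = strlen(store[i].key) + 1;
            if (off + klen > sizeof(list))
                return -1;
            memcpy(list + off, store[i].key, klen);
            off += klen;
        }
        return copy_out(list, off, buf, size);
    }
    for (i = 0; i < NSTORE; i++)
        if (strcmp(name, store[i].key) == 0)
            return copy_out(store[i].val, strlen(store[i].val), buf, size);
    return -1;                     /* no such attribute */
}

int main(void) { printf("list size: %zd\n", toy_fgetxattr(NULL, NULL, 0)); return 0; }
```

Removing the `name &&` test from the first comparison reproduces the reported pattern: the size-probe call with a NULL name reaches strncmp() before the list branch.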

Comment 3 Kaushal 2015-07-30 09:50:34 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.3, please open a new bug report.

glusterfs-3.7.3 has been announced on the Gluster mailing lists [1]; packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/12078
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user