+++ This bug was initially created as a clone of Bug #1502928 +++

Description of problem:

There are three `goto out` statements in `send_brick_req`:

    iobuf = iobuf_get2 (rpc->ctx->iobuf_pool, req_size);
    if (!iobuf)
            goto out;

    iobref = iobref_new ();
    if (!iobref)
            goto out;

    frame = create_frame (this, this->ctx->pool);
    if (!frame)
            goto out;

That indicates the three of them (iobuf, iobref, frame) might be null, and then control jumps to label `out`. But there might be a null pointer dereference after label `out`:

    out:
            iobref_unref (iobref);
            iobuf_unref (iobuf);
            STACK_DESTROY (frame->root);

The error handling code might not work as expected.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

--- Additional comment from Worker Ant on 2017-10-17 09:10:47 EDT ---

REVIEW: https://review.gluster.org/18538 (glusterd:Dereferencing the null pointer) posted (#1) for review on master by Sanju Rakonde (srakonde)

--- Additional comment from Worker Ant on 2017-10-17 09:16:50 EDT ---

REVIEW: https://review.gluster.org/18538 (glusterd:Dereferencing the null pointer) posted (#2) for review on master by Sanju Rakonde (srakonde)

--- Additional comment from Worker Ant on 2017-10-17 09:29:43 EDT ---

REVIEW: https://review.gluster.org/18539 (glusterd:Dereferencing the null pointer) posted (#1) for review on release-3.10 by Sanju Rakonde (srakonde)
REVIEW: https://review.gluster.org/18542 (glusterfsd: Dereferencing the null pointer) posted (#1) for review on master by Sanju Rakonde (srakonde)
REVIEW: https://review.gluster.org/18542 (glusterfsd: Dereferencing the null pointer) posted (#2) for review on master by Sanju Rakonde (srakonde)
COMMIT: https://review.gluster.org/18542 committed in master by Atin Mukherjee (amukherj)
------
commit 87bd25b64ae34cce95e87e724acfeab4c13d60a4
Author: Sanju Rakonde <srakonde>
Date:   Wed Oct 18 08:06:24 2017 +0530

    glusterfsd: Dereferencing the null pointer

    Problem: When control reaches out, one of (iobref, iobuf, frame) can
    be null. For iobref and iobuf, the iobref_unref() and iobuf_unref()
    functions are called respectively, which use GF_VALIDATE_OR_GOTO(),
    so there won't be a null pointer dereference. But for frame,
    STACK_DESTROY(frame->root) is called without null checking, causing
    a null pointer dereference.

    Fix: Add a line for null checking, so that
    STACK_DESTROY(frame->root) is called only when frame is not null.

    Change-Id: I3a6684c11fb7b694b81d6ad4fec3bced5562ad88
    BUG: 1503394
    Signed-off-by: Sanju Rakonde <srakonde>
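
The cleanup pattern the commit message describes, as an added example that is not GlusterFS code: a single `out:` label reached from every allocation failure, NULL-tolerant release functions, and a guard before the frame's member is touched. The types, `alloc_or_fail`, `obj_unref`, `send_req` and `live_objects` are hypothetical stand-ins, and the fault injection exists only to exercise each failure path.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for iobuf, iobref and the call frame; not GlusterFS types. */
struct obj   { int refs; };
struct frame { struct obj *root; };

static int live;  /* objects currently allocated, used to detect leaks */

/* Allocation wrapper with fault injection: fails when *budget reaches 0. */
static void *alloc_or_fail(size_t sz, int *budget) {
    if ((*budget)-- == 0) return NULL;
    void *p = calloc(1, sz);
    if (p) live++;
    return p;
}

/* NULL-tolerant release: validates its argument before using it. */
static void obj_unref(struct obj *o) {
    if (!o) return;
    free(o);
    live--;
}

/* Returns 0 on success, -1 if an allocation failed. fail_at < 0: nothing fails;
 * fail_at = 0, 1, 2, 3 fails the iobuf, iobref, frame or frame->root allocation. */
int send_req(int fail_at) {
    int ret = -1, budget = fail_at;
    struct obj *iobuf = NULL, *iobref = NULL;
    struct frame *frame = NULL;

    if (!(iobuf = alloc_or_fail(sizeof *iobuf, &budget))) goto out;
    if (!(iobref = alloc_or_fail(sizeof *iobref, &budget))) goto out;
    if (!(frame = alloc_or_fail(sizeof *frame, &budget))) goto out;
    if (!(frame->root = alloc_or_fail(sizeof *frame->root, &budget))) goto out;
    ret = 0;
out:
    obj_unref(iobref);
    obj_unref(iobuf);
    if (frame) {  /* the guard: frame->root is read only when frame is non-NULL */
        obj_unref(frame->root);
        free(frame);
        live--;
    }
    return ret;
}

int live_objects(void) { return live; }
```

Removing the `if (frame)` guard makes the `fail_at` values 0, 1 and 2 read `frame->root` through a NULL pointer, which is the defect reported here.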
*** Bug 1505212 has been marked as a duplicate of this bug. ***
Where are the backports to 3.12 and 3.10? Thanks
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.13.0, please open a new bug report.

glusterfs-3.13.0 has been announced on the Gluster mailing lists [1]; packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] http://lists.gluster.org/pipermail/announce/2017-December/000087.html
[2] https://www.gluster.org/pipermail/gluster-users/