Description of problem: Our code scanner has reported a potential null pointer dereference at xlators/features/changelog/lib/src/gf-history-changelog.c xlator_t *this = NULL; ........ pthread_attr_t attr; ret = pthread_attr_init (&attr); if (ret != 0) { gf_msg (this->name, GF_LOG_ERROR, errno, // <== `this` variable is still NULL at this time. CHANGELOG_LIB_MSG_PTHREAD_ERROR, "Pthread init failed"); return -1; } this = THIS; // `this` variable gets assignment here, it was NULL before that if (!this) { ret = -1; goto out; } according to the documentation of pthread_attr_init, the chance of its invocation failure is low, but once happened, the process will crash (the GEO replication syncdaemon seems using this function). Regards, Alex, SourceBrella Inc.
REVIEW: https://review.gluster.org/18562 (libgfchangelog: Fix possible null pointer dereference) posted (#1) for review on release-3.10 by Kotresh HR (khiremat)
COMMIT: https://review.gluster.org/18562 committed in release-3.10 by Shyamsundar Ranganathan (srangana) ------ commit 115bf4332307fa0f95688dcab73341adfa7071ed Author: Kotresh HR <khiremat> Date: Mon Oct 23 06:46:49 2017 -0400 libgfchangelog: Fix possible null pointer dereference If pthread_attr_init fails, gf_msg uses this->name where 'this' is not initialized yet. This patch fixes the same. > Change-Id: Ie004cbe1015a0d62fc3b5512e8954c5606eeeb5f > Signed-off-by: Kotresh HR <khiremat> > BUG: 1505325 (cherry picked from commit 738c38f0efa7b4d4dab0cf23d00589d68e4eb88d) Change-Id: Ie004cbe1015a0d62fc3b5512e8954c5606eeeb5f Signed-off-by: Kotresh HR <khiremat> BUG: 1503405
This cannot be controlled and does not accept anything from user. Low impact 'non security' bug.
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.10.7, please open a new bug report. glusterfs-3.10.7 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution. [1] http://lists.gluster.org/pipermail/announce/2017-November/000085.html [2] https://www.gluster.org/pipermail/gluster-users/