Bug 772601 - crash in 'quota_fgetxattr()' when 'name' is null
Status: CLOSED CURRENTRELEASE
Product: GlusterFS
Classification: Community
Component: quota
Version: mainline
Hardware: Unspecified All
Priority: high, Severity: high
Assigned To: Amar Tumballi
QA Contact: Saurabh
Blocks: 817967
Reported: 2012-01-09 07:00 EST by Amar Tumballi
Modified: 2016-01-19 01:09 EST
Fixed In Version: glusterfs-3.4.0
Doc Type: Bug Fix
Last Closed: 2013-07-24 13:44:12 EDT
Description Amar Tumballi 2012-01-09 07:00:21 EST
Description of problem:
Crash of the process when flistxattr() is issued (i.e., the key argument will be NULL).

Version-Release number of selected component (if applicable):
mainline

How reproducible:
Issue 'flistxattr()' on the mount point when quota is enabled.

  
Actual results: 'flistxattr()' segfaults


Expected results: work without any issues


Additional info:
Program terminated with signal 11, Segmentation fault.
#0  0x00000037ccf3d3f9 in __strcasecmp_l_ssse3 () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.14-5.x86_64 libgcc-4.6.1-9.fc15.x86_64
(gdb) bt
#0  0x00000037ccf3d3f9 in __strcasecmp_l_ssse3 () from /lib64/libc.so.6
#1  0x00007fbad81c4915 in quota_fgetxattr (frame=0x7fbadcd7406c, this=0x1045c60, fd=0x7fbacfe4004c, name=0x0) at ../../../../../xlators/features/quota/src/quota.c:2020
#2  0x00007fbade196aaa in default_fgetxattr (frame=0x7fbadcd730f8, this=0x1046f80, fd=0x7fbacfe4004c, name=0x0) at ../../../libglusterfs/src/defaults.c:828
#3  0x00007fbade196aaa in default_fgetxattr (frame=0x7fbadcd737b0, this=0x1048250, fd=0x7fbacfe4004c, name=0x0) at ../../../libglusterfs/src/defaults.c:828
#4  0x00007fbade196aaa in default_fgetxattr (frame=0x7fbadcd73bb8, this=0x10494f0, fd=0x7fbacfe4004c, name=0x0) at ../../../libglusterfs/src/defaults.c:828
#5  0x00007fbad3790304 in qr_fgetxattr (frame=0x7fbadcd73f14, this=0x104a660, fd=0x7fbacfe4004c, name=0x0) at ../../../../../xlators/performance/quick-read/src/quick-read.c:2144
#6  0x00007fbade196aaa in default_fgetxattr (frame=0x7fbadcd73e68, this=0x104ba00, fd=0x7fbacfe4004c, name=0x0) at ../../../libglusterfs/src/defaults.c:828
#7  0x00007fbad332f019 in io_stats_fgetxattr (frame=0x7fbadcd73658, this=0x104ccd0, fd=0x7fbacfe4004c, name=0x0) at ../../../../../xlators/debug/io-stats/src/io-stats.c:2257
#8  0x00007fbad3109074 in posix_acl_fgetxattr (frame=0x7fbadcd73250, this=0x104dfe0, fd=0x7fbacfe4004c, name=0x0) at ../../../../../xlators/system/posix-acl/src/posix-acl.c:1882
#9  0x00007fbadb1181a4 in fuse_listxattr_resume (state=0x7fbac8000f50) at ../../../../../xlators/mount/fuse/src/fuse-bridge.c:2874
#10 0x00007fbadb0fd9e1 in fuse_resolve_and_resume (state=0x7fbac8000f50, fn=0x7fbadb117bc7 <fuse_listxattr_resume>) at ../../../../../xlators/mount/fuse/src/fuse-resolve.c:754
#11 0x00007fbadb118ce8 in fuse_listxattr (this=0x1033e30, finh=0x7fbac8001930, msg=0x7fbac8001958) at ../../../../../xlators/mount/fuse/src/fuse-bridge.c:2926
#12 0x00007fbadb11d6c6 in fuse_thread_proc (data=0x1033e30) at ../../../../../xlators/mount/fuse/src/fuse-bridge.c:3589
#13 0x00000037cd207b31 in start_thread () from /lib64/libpthread.so.0
#14 0x00000037ccedfd2d in clone () from /lib64/libc.so.6
(gdb) up
#1  0x00007fbad81c4915 in quota_fgetxattr (frame=0x7fbadcd7406c, this=0x1045c60, fd=0x7fbacfe4004c, name=0x0) at ../../../../../xlators/features/quota/src/quota.c:2020
2020	        if (strcasecmp (name, "trusted.limit.list") == 0) {
(gdb) l
2015	quota_fgetxattr (call_frame_t *frame, xlator_t *this, fd_t *fd,
2016	                 const char *name)
2017	{
2018	        int32_t ret     = 0;
2019	
2020	        if (strcasecmp (name, "trusted.limit.list") == 0) {
2021	                ret = quota_send_dir_limit_to_cli (frame, this, fd->inode,
2022	                                                   name);

Need to check 'name' for NULL before using it in strcasecmp().
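
The failure mode described above, as an added example that is not code from the report or from GlusterFS: a toy translator stack in which pass-through layers forward a NULL name (a list request) unchanged, so the quota layer has to guard before comparing it. The struct, the function names and the sample attribute data are hypothetical.

```c
/* Added illustration: toy translator stack, hypothetical names, not GlusterFS code. */
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define LIMIT_LIST_KEY "trusted.limit.list"   /* key compared at quota.c:2020 */

struct layer {
    const char *(*fgetxattr)(struct layer *self, const char *name);
    struct layer *next;
};

/* Pass-through layer, like the default_fgetxattr frames: forwards NULL too. */
static const char *passthrough_fgetxattr(struct layer *self, const char *name)
{
    return self->next->fgetxattr(self->next, name);
}

/* Bottom layer (constructed data): a NULL name means "list every key". */
static const char *storage_fgetxattr(struct layer *self, const char *name)
{
    (void)self;
    if (name == NULL)
        return "user.comment,user.owner";
    return strcmp(name, "user.comment") == 0 ? "hello" : NULL;
}

/* Quota layer with the guard. Without `name != NULL`, strcasecmp() receives
 * NULL, which is the crash in frame #0 of the backtrace. */
static const char *quota_fgetxattr_guarded(struct layer *self, const char *name)
{
    if (name != NULL && strcasecmp(name, LIMIT_LIST_KEY) == 0)
        return "quota-limit-list";   /* stands in for the reply to the CLI */
    return self->next->fgetxattr(self->next, name);
}

/* Build passthrough -> quota -> storage and send one request through it. */
const char *stack_fgetxattr(const char *name)
{
    struct layer storage = { storage_fgetxattr, NULL };
    struct layer quota   = { quota_fgetxattr_guarded, &storage };
    struct layer top     = { passthrough_fgetxattr, &quota };
    return top.fgetxattr(&top, name);
}

int main(void)
{
    printf("list request -> %s\n", stack_fgetxattr(NULL));
    return 0;
}
```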
Comment 1 Amar Tumballi 2012-02-14 02:01:41 EST
Sent a patch: http://review.gluster.com/2743
Comment 2 Anand Avati 2012-02-14 05:43:32 EST
CHANGE: http://review.gluster.com/2743 (features/quota: fix a crash in fgetxattr() by checking for NULL arg) merged in master by Vijay Bellur (vijay@gluster.com)
Comment 3 Amar Tumballi 2012-05-31 01:36:48 EDT
Tested using 'extras/test/test-ffop.c', by removing unlink() and building the GlusterFS source with the '-DGF_TEST_FFOP' flag. The crash happened with the earlier version (before the patch went in), and now on release-3.3 it doesn't crash.
