Re: [Bacula-users] bacula-dir: 13, crash on stackoverflow (FreeBSD)

Mon, 18 Jul 2022 08:03:30 -0700 

>>>>> On Mon, 18 Jul 2022 09:18:17 -0500, Larry Rosenman said:
> 
> On 07/18/2022 8:22 am, Martin Simmons wrote:
> >>>>>> On Sat, 16 Jul 2022 17:00:33 -0500, Larry Rosenman said:
> >> 
> >> (gdb) bt full
> >> #0  kill () at kill.S:4
> >> No locals.
> >> #1  0x000000088ad660a0 in __fail (
> >>      msg=0x88ac6d34f "stack overflow detected; terminated")
> >>      at /usr/src/lib/libc/secure/stack_protector.c:130
> >>          sa = {__sigaction_u = {__sa_handler = 0x0, __sa_sigaction =
> >> 0x0},
> >>            sa_flags = 0, sa_mask = {__bits = {0, 0, 0, 0}}}
> >>          mask = {__bits = {4294967263, 4294967295, 4294967295,
> >> 4294967295}}
> >> #2  0x000000088ad66010 in __stack_chk_fail ()
> >>      at /usr/src/lib/libc/secure/stack_protector.c:137
> >> No locals.
> >> #3  0x0000000000252e69 in send_include_list(JCR*) ()
> >> No symbol table info available.
> >> #4  0x000000000024241e in do_backup(JCR*) ()
> >> No symbol table info available.
> >> #5  0x0000000000257307 in job_thread(void*) ()
> >> No symbol table info available.
> >> #6  0x000000000025d124 in jobq_server ()
> >> No symbol table info available.
> >> #7  0x0000000886269d08 in lmgr_thread_launcher ()
> >>     from /usr/local/lib/libbac-13.0.0.so
> >> No symbol table info available.
> >> #8  0x00000008869a496a in thread_start (curthread=0x89c8a7000)
> >>      at /usr/src/lib/libthr/thread/thr_create.c:292
> > 
> > It might be useful to also post the output of these three gdb commands 
> > from
> > the core file:
> > 
> > disass send_include_list
> > p __stack_chk_guard
> > x/256xg $sp
> > 
> > __Martin
> 
> https://www.lerctr.org/~ler/bacula-dir.gdb.txt
> 
> too big for the list :)

Ok, that shows the problem.  The function send_fileset in src/dird/fd_cmds.c
has an array called newopts on the stack, but it is too small so it overflows.
It is too small because fd_cmds.c includes findlib/find.h, which redefines
MAX_FOPTS with a value that is too small for this use.  I don't see why
findlib/find.h needs to be included, so you could try the patch below:

------------------------------------------------------------------------------
--- src/dird/fd_cmds.c~ 2022-05-17 17:13:42.541093000 +0100
+++ src/dird/fd_cmds.c  2022-07-18 15:45:10.357144000 +0100
@@ -32,7 +32,7 @@
 
 #include "bacula.h"
 #include "dird.h"
-#include "findlib/find.h"
+#include "findlib/bfile.h"
 
 const int dbglvl = 400;
 
------------------------------------------------------------------------------

The overflow is triggered by your change to the fileset, which increases the
size of the options list sent to the client.

__Martin


_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to