Re: [Bacula-users] bacula-dir: 13, crash on stackoverflow (FreeBSD)

Mon, 18 Jul 2022 08:09:35 -0700 

On 07/18/2022 10:00 am, Martin Simmons wrote:

On Mon, 18 Jul 2022 09:18:17 -0500, Larry Rosenman said:


On 07/18/2022 8:22 am, Martin Simmons wrote:
>>>>>> On Sat, 16 Jul 2022 17:00:33 -0500, Larry Rosenman said:
>>
>> (gdb) bt full
>> #0  kill () at kill.S:4
>> No locals.
>> #1  0x000000088ad660a0 in __fail (
>>      msg=0x88ac6d34f "stack overflow detected; terminated")
>>      at /usr/src/lib/libc/secure/stack_protector.c:130
>>          sa = {__sigaction_u = {__sa_handler = 0x0, __sa_sigaction =
>> 0x0},
>>            sa_flags = 0, sa_mask = {__bits = {0, 0, 0, 0}}}
>>          mask = {__bits = {4294967263, 4294967295, 4294967295,
>> 4294967295}}
>> #2  0x000000088ad66010 in __stack_chk_fail ()
>>      at /usr/src/lib/libc/secure/stack_protector.c:137
>> No locals.
>> #3  0x0000000000252e69 in send_include_list(JCR*) ()
>> No symbol table info available.
>> #4  0x000000000024241e in do_backup(JCR*) ()
>> No symbol table info available.
>> #5  0x0000000000257307 in job_thread(void*) ()
>> No symbol table info available.
>> #6  0x000000000025d124 in jobq_server ()
>> No symbol table info available.
>> #7  0x0000000886269d08 in lmgr_thread_launcher ()
>>     from /usr/local/lib/libbac-13.0.0.so
>> No symbol table info available.
>> #8  0x00000008869a496a in thread_start (curthread=0x89c8a7000)
>>      at /usr/src/lib/libthr/thread/thr_create.c:292
>
> It might be useful to also post the output of these three gdb commands
> from
> the core file:
>
> disass send_include_list
> p __stack_chk_guard
> x/256xg $sp
>
> __Martin

https://www.lerctr.org/~ler/bacula-dir.gdb.txt

too big for the list :)



Ok, that shows the problem.  The function send_fileset in 
src/dird/fd_cmds.c
has an array called newopts on the stack, but it is too small so it 
overflows.
It is too small because fd_cmds.c includes findlib/find.h, which 
redefines

MAX_FOPTS with a value that is too small for this use.  I don't see why
findlib/find.h needs to be included, so you could try the patch below:

------------------------------------------------------------------------------
--- src/dird/fd_cmds.c~ 2022-05-17 17:13:42.541093000 +0100
+++ src/dird/fd_cmds.c  2022-07-18 15:45:10.357144000 +0100
@@ -32,7 +32,7 @@

 #include "bacula.h"
 #include "dird.h"
-#include "findlib/find.h"
+#include "findlib/bfile.h"

 const int dbglvl = 400;

------------------------------------------------------------------------------


The overflow is triggered by your change to the fileset, which 
increases the

size of the options list sent to the client.

__Martin

I'm just surprised the DEBUG build works then.....


I'll just keep using the DEBUG build for now, but sounds like this 
should be picked up

upstream.

And/Or @dvl@FreeBSD can pick it up for the FreeBSD port.


--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: l...@lerctr.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106


_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users






















					Reply via email to