I'm using beanstalkd 1.4.1 and have found a reproducible scenario that appears to write corrupt data to the binlog such that beanstalkd can't restart.
After starting beanstalkd with an empty binlog directory, I run the following commands:

C: use test
S: USING test
C: put 0 0 120 4
C: test
S: INSERTED 1
C: put 0 0 120 4
C: tes1
S: INSERTED 2
C: watch test
S: WATCHING 2
C: reserve
S: RESERVED 1 4
S: test
C: release 1 0 120
S: RELEASED
C: reserve
S: RESERVED 2 4
S: tes1
C: delete 2
S: DELETED
C: quit

I then kill beanstalkd with `killall beanstalkd` (which does a SIGTERM). On restarting, I get the following errors:

$ /usr/local/beanstalkd-1.4.1/bin/beanstalkd -d -b /tmp/beanstalktest -p 22300
: binlog.c:342 in binlog_open: Cannot open binlog /binlog.2: Permission denied
: binlog.c:545 in ensure_free_space: make_future_binlog
: binlog.c:736 in binlog_init: error making first writable binlog
Segmentation fault

Note that it says 'Cannot open binlog /binlog.2' and not 'Cannot open binlog /tmp/beanstalktest/binlog.2'.

During the read, a buffer overflow occurs reading a tubename from the binlog. This causes binlog_dir to be overwritten with a '\0' and binlog_open then tries to create a file in the root directory (which fails due to permissions).

The buffer overflow occurs reading into tubename in binlog_read_log_file. The length of tubename (namelen) is read from the binlog, but isn't checked to see if it is less than the size of tubename. The attached patch checks namelen and sets it to 0 if it is >= MAX_TUBE_NAME_LEN.

With this patch applied, beanstalkd starts up successfully, but I am still able to reserve the job that was deleted and the data for the released job is missing (so something still isn't quite right):

C: watch test
S: WATCHING 2
C: reserve
S: RESERVED 1 4
C: delete 1
S: DELETED
C: reserve
S: RESERVED 2 4
S: tes1
C: delete 2
S: DELETED

I'll continue to do some investigation into this, but it'd be much appreciated if anyone could give me some pointers as to where to look.

Thanks,
Phil
fix_binlog_read_tubename_buffer_overflow.patch
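
The check described in the message above, as an added example that is not the attached patch and not beanstalkd's own code: a reader for a length-prefixed name that treats the on-disk length as untrusted. The record layout (a uint32_t length followed by the name bytes), the value 201 for MAX_TUBE_NAME_LEN, and the names read_tubename and make_record are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_TUBE_NAME_LEN 201 /* assumed value for this example */

enum { READ_OK = 0, READ_TRUNCATED = -1, READ_BAD_LENGTH = -2 };

/* Constructed sample input: write a record that claims `claimed` name bytes
 * but carries only `n` of them. Returns the record size in bytes. */
static size_t make_record(uint8_t *dst, uint32_t claimed, const char *name, size_t n)
{
    memcpy(dst, &claimed, sizeof claimed);
    memcpy(dst + sizeof claimed, name, n);
    return sizeof claimed + n;
}

/* Read one length-prefixed tube name from buf[*off, len).
 * Assumed layout: uint32_t namelen, then namelen bytes of name.
 * On success `out` is NUL-terminated and *off is advanced.
 * On failure neither `out` nor *off is modified. */
static int read_tubename(const uint8_t *buf, size_t len, size_t *off,
                         char out[MAX_TUBE_NAME_LEN])
{
    uint32_t namelen;

    if (*off > len || len - *off < sizeof namelen)
        return READ_TRUNCATED;
    memcpy(&namelen, buf + *off, sizeof namelen);

    /* The length comes from disk: it must leave room for the NUL
     * terminator in the fixed-size destination buffer. */
    if (namelen >= MAX_TUBE_NAME_LEN)
        return READ_BAD_LENGTH;
    /* It must also not run past the data that was actually read. */
    if (len - *off - sizeof namelen < namelen)
        return READ_TRUNCATED;

    memcpy(out, buf + *off + sizeof namelen, namelen);
    out[namelen] = '\0';
    *off += sizeof namelen + namelen;
    return READ_OK;
}
```

Returning a distinct error for an oversized length lets the caller stop replaying a file it can no longer parse, rather than carrying on with an empty name.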
