On 02/15/2016 09:44 PM, Matt Benjamin wrote: > If I read the code correctly (xdr_inline.h), nodesize==0 connotes "read 0 > bytes." So the surrounding code should not index into any such bytes in that > case, if it can in fact arise. I also am not sure what that case would mean. > Thanks Matt. So can the fix be to return false when nodesize is '0'?
-Soumya > Matt > > ----- Original Message ----- >> From: "Soumya Koduri" <skod...@redhat.com> >> To: "Matt W. Benjamin" <m...@linuxbox.com>, "Daniel Gryniewicz" >> <d...@redhat.com> >> Cc: nfs-ganesha-devel@lists.sourceforge.net >> Sent: Monday, February 15, 2016 4:40:15 AM >> Subject: [Nfs-ganesha-devel] SIGSEGV in "xdr_nfs_fh3()" >> >> Hi Matt/Daniel, >> >> There is a crash reported due to SIGSEGV in "xdr_nfs_fh3()" [1]. As >> mentioned in the comments [2], we couldn't analyze the core, but when >> inspected the code, found a potential issue. >> >> >> In 'xdr_nfs_fh3(..)' { >> >> ..... >> 458 if (!xdr_bytes >> 459 (xdrs, (char **)&objp->data.data_val, >> 460 (u_int *) & objp->data.data_len, 64)) >> 461 return (false); >> 462 >> 463 if (xdrs->x_op == XDR_DECODE) { >> 464 fh = (file_handle_v3_t *)objp->data.data_val; >> 465 fh->exportid = ntohs(fh->exportid); >> 466 } >> >> ........... >> } >> >> In xdr_bytes(..) { >> .... >> 522 case XDR_DECODE: >> 523 if (nodesize == 0) >> 524 return (true); >> 525 if (sp == NULL) >> 526 *cpp = sp = mem_alloc(nodesize); >> 527 if (sp == NULL) { >> 528 __warnx(TIRPC_DEBUG_FLAG_XDR, >> 529 "xdr_bytes: out of memory"); >> 530 return (false); >> 531 } >> >> >> >> ........... >> } >> >> In the above routine (xdr_bytes), if nodesize is '0' (line:522) we >> return true without allocating any memory. And in 'xdr_nfs_fh3()', we >> shall end up de-referencing this unallocated memory at line 465. >> >> I am not sure in what cases nodesize could be '0' and how we can extract >> filehandle from the xdr object then. Could you please confirm the same. >> >> >> Thanks, >> Soumya >> >> >> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1306691 >> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1306691#c5 >> >> >> >> ------------------------------------------------------------------------------ >> Site24x7 APM Insight: Get Deep Visibility into Application Performance >> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >> Monitor end-to-end web transactions and take corrective actions now >> Troubleshoot faster and improve end-user experience. Signup Now! >> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 >> _______________________________________________ >> Nfs-ganesha-devel mailing list >> Nfs-ganesha-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel >> > ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel