Fix heap-buffer-overflow
This is the asan trace:
==26769==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000007b60 at pc 0x7ffff6e9429b bp 0x7ffff1afd800 sp 0x7ffff1afcfa8
WRITE of size 2 at 0x602000007b60 thread T1
    #0 0x7ffff6e9429a  (/lib64/libasan.so.3+0x5f29a)
    #1 0x406b64 in removeDuplicateSubstr /root/gluster-block/rpc/block_svc_routines.c:147
    #2 0x41ad4c in blockCreateCliFormatResponse /root/gluster-block/rpc/block_svc_routines.c:1570
    #3 0x41ff91 in block_create_cli_1_svc /root/gluster-block/rpc/block_svc_routines.c:1826
    #4 0x405e63 in gluster_block_cli_1 /root/gluster-block/rpc/rpcl/block_svc.c:132
    #5 0x7ffff57d62a0 in svc_getreq_common (/lib64/libc.so.6+0x13a2a0)
    #6 0x7ffff57d63e6 in svc_getreq_poll (/lib64/libc.so.6+0x13a3e6)
    #7 0x7ffff57d9d00 in svc_run (/lib64/libc.so.6+0x13dd00)
    #8 0x403c61 in glusterBlockCliThreadProc /root/gluster-block/daemon/gluster-blockd.c:130
    #9 0x7ffff6c1e6c9 in start_thread (/lib64/libpthread.so.0+0x76c9)
    #10 0x7ffff57a3f6e in clone (/lib64/libc.so.6+0x107f6e)

0x602000007b60 is located 0 bytes to the right of 16-byte region [0x602000007b50,0x602000007b60)
allocated by thread T1 here:
    #0 0x7ffff6efc020 in calloc (/lib64/libasan.so.3+0xc7020)
    #1 0x42d2c3 in gbAllocN /root/gluster-block/utils/utils.c:194
    #2 0x406ae9 in removeDuplicateSubstr /root/gluster-block/rpc/block_svc_routines.c:138
    #3 0x41ad4c in blockCreateCliFormatResponse /root/gluster-block/rpc/block_svc_routines.c:1570
    #4 0x41ff91 in block_create_cli_1_svc /root/gluster-block/rpc/block_svc_routines.c:1826
    #5 0x405e63 in gluster_block_cli_1 /root/gluster-block/rpc/rpcl/block_svc.c:132
    #6 0x7ffff57d62a0 in svc_getreq_common (/lib64/libc.so.6+0x13a2a0)
    #7 0x7ffff5a60a5f  (/lib64/libc.so.6+0x3c4a5f)

Thread T1 created by T0 here:
    #0 0x7ffff6e66488 in __interceptor_pthread_create (/lib64/libasan.so.3+0x31488)
    #1 0x40545f in main /root/gluster-block/daemon/gluster-blockd.c:325
    #2 0x7ffff56bc400 in __libc_start_main (/lib64/libc.so.6+0x20400)

Change-Id: Id16fa0c00223f7272c3c977efb268ba5d72bd04b
Signed-off-by: Pranith Kumar K <[email protected]>
Pranith Kumar K committed Jun 6, 2017
1 parent e9a7f90 commit 4c68b2f
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions rpc/block_svc_routines.c
Expand Up @@ -134,8 +134,8 @@ removeDuplicateSubstr(char **line)
return;
}

/* Allocate size for out. */
if (GB_ALLOC_N(out, strlen(temp)) < 0) {
/* Allocate size for out including trailing space and \0. */
if (GB_ALLOC_N(out, strlen(temp) + strlen(" ") + 1) < 0) {
return;
}

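Review bot: The new size in `GB_ALLOC_N(out, strlen(temp) + strlen(" ") + 1)` is only sufficient if the code that fills `out` never writes more than the bytes of `temp` plus one separator and the terminator, and neither the hunk nor its comment states that bound. The ASan report is consistent with the arithmetic: a 2-byte write landed exactly at the end of the 16-byte region allocated at this line, which is what a trailing " " plus its terminating NUL would produce. Please extend the comment to say why `strlen(temp) + 2` is the worst case for the loop below, so a later change to that loop does not silently reintroduce the overflow. `strlen(" ")` is a constant written as a call; `strlen(temp) + 2`, or `sizeof(" ")` in place of `strlen(" ") + 1`, reads more directly. Separately, the allocation-failure branch is still a bare `return;` with no log message and no signal to the caller that `*line` was left unprocessed, which is worth a follow-up.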