Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
glusterd: fix invalid pointer dereference during volume stop
When handling RPC_CLNT_DISCONNECT event, glustershd may be already disconnected and removed from the list of services, and an attempt to extract an entry from empty list causes the following error: ==1364671==ERROR: AddressSanitizer: heap-buffer-overflow on address ... READ of size 1 at 0x60d00001c48f thread T23 #0 0x7ff1a5f6db8c in __interceptor_fopen64.part.0 (/lib64/libasan.so.6+0x53b8c) gluster#1 0x7ff1a5c63717 in gf_is_service_running libglusterfs/src/common-utils.c:4180 gluster#2 0x7ff190178ad3 in glusterd_proc_is_running xlators/mgmt/glusterd/src/glusterd-proc-mgmt.c:157 gluster#3 0x7ff19017ce29 in glusterd_muxsvc_common_rpc_notify xlators/mgmt/glusterd/src/glusterd-svc-mgmt.c:440 gluster#4 0x7ff190176e75 in __glusterd_muxsvc_conn_common_notify xlators/mgmt/glusterd/src/glusterd-conn-mgmt.c:172 gluster#5 0x7ff18fee0940 in glusterd_big_locked_notify xlators/mgmt/glusterd/src/glusterd-handler.c:66 gluster#6 0x7ff190176ec7 in glusterd_muxsvc_conn_common_notify xlators/mgmt/glusterd/src/glusterd-conn-mgmt.c:183 gluster#7 0x7ff1a5b57b60 in rpc_clnt_handle_disconnect rpc/rpc-lib/src/rpc-clnt.c:821 gluster#8 0x7ff1a5b58082 in rpc_clnt_notify rpc/rpc-lib/src/rpc-clnt.c:882 gluster#9 0x7ff1a5b4da47 in rpc_transport_notify rpc/rpc-lib/src/rpc-transport.c:520 gluster#10 0x7ff18fba1d4f in socket_event_poll_err rpc/rpc-transport/socket/src/socket.c:1370 gluster#11 0x7ff18fbb223c in socket_event_handler rpc/rpc-transport/socket/src/socket.c:2971 gluster#12 0x7ff1a5d646ff in event_dispatch_epoll_handler libglusterfs/src/event-epoll.c:638 gluster#13 0x7ff1a5d6539c in event_dispatch_epoll_worker libglusterfs/src/event-epoll.c:749 gluster#14 0x7ff1a5917298 in start_thread /usr/src/debug/glibc-2.33-20.fc34.x86_64/nptl/pthread_create.c:481 gluster#15 0x7ff1a5551352 in clone (/lib64/libc.so.6+0x100352) 0x60d00001c48f is located 12 bytes to the right of 131-byte region [0x60d00001c400,0x60d00001c483) freed by thread T19 here: #0 0x7ff1a5fc8647 in free (/lib64/libasan.so.6+0xae647) Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com> Updates: gluster#1000
- Loading branch information