Crash on startup of glusterd 11 (heap-buffer-overflow) #4192
Comments
NPOOLS is 14. pool_list_size is reported to be 336, which is 14 * sizeof(*pool_list), which is not enough for a struct with hanging tail.
Blech:
Does it happen without memory pools?
==4418==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x613000000190 at pc 0x7f028cd2341c bp 0x7ffd9c5ba7e0 sp 0x7ffd9c5ba7d8
WRITE of size 8 at 0x613000000190 thread T0
f0 in mem_get_pool_list ~/libglusterfs/src/mem-pool.c:786
0x613000000190 is located 0 bytes after 336-byte region [0x613000000040,0x613000000190)
allocated by thread T0 here:
f0 in malloc (/usr/lib64/libasan.so.8+0xdc04f) (BuildId: 44194dcf14c212b57346030492309d59d5379ae1)
f1 in __gf_default_malloc glusterfs/mem-pool.h:112
f2 in mem_get_pool_list ~/libglusterfs/src/mem-pool.c:778

``NPOOLS-1`` is just wrong. ``per_thread_pool_list_t`` does not include one free ``per_thread_pool_t``.

Fixes: gluster#4192
Fixes: v11dev-211-g1cfff6e6ec ("Use flexible array members (gluster#3411)")
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
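The sizing mistake named in the commit message above, as an added example that is not part of the thread or of the glusterfs source. The struct names, fields and helper functions are constructed stand-ins; only NPOOLS = 14 comes from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NPOOLS 14 /* pool count quoted in the thread */

/* Constructed stand-ins for illustration; NOT the glusterfs definitions. */
typedef struct { void *hot_list; void *cold_list; } demo_pool_t;
typedef struct {
    void *next;
    int poison;
    demo_pool_t pools[]; /* flexible array member: adds nothing to sizeof */
} demo_pool_list_t;

/* "n - 1" sizing is only right when the struct ends in a one-element array
 * that sizeof already counts. With a flexible array member it is one short. */
static size_t size_npools_minus_1(size_t n)
{
    return sizeof(demo_pool_list_t) + sizeof(demo_pool_t) * (n - 1);
}

/* Correct sizing: header plus all n elements; 0 on arithmetic overflow. */
static size_t size_all_pools(size_t n)
{
    if (n > (SIZE_MAX - sizeof(demo_pool_list_t)) / sizeof(demo_pool_t))
        return 0;
    return sizeof(demo_pool_list_t) + sizeof(demo_pool_t) * n;
}

/* Does an allocation of alloc bytes cover pools[0..n-1]? */
static int covers_all_pools(size_t alloc, size_t n)
{
    return alloc >= offsetof(demo_pool_list_t, pools) + sizeof(demo_pool_t) * n;
}

/* Allocate a zeroed list with room for n pools, or NULL on failure. */
static demo_pool_list_t *demo_pool_list_new(size_t n)
{
    size_t sz = size_all_pools(n);
    return sz ? calloc(1, sz) : NULL;
}

int main(void)
{
    size_t bad = size_npools_minus_1(NPOOLS), good = size_all_pools(NPOOLS);
    printf("n-1 sizing: %zu bytes, covers all: %d\n", bad, covers_all_pools(bad, NPOOLS));
    printf("n sizing:   %zu bytes, covers all: %d\n", good, covers_all_pools(good, NPOOLS));
    return 0;
}
```

With the short size, initializing the last pool writes immediately past the end of the allocation, which is the "0 bytes after" pattern in the ASan report.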
(mempool=no tcmalloc=yes) startup runs fine.
Tests have shown to improve performance nicely with tcmalloc (and without memory pools).
Well then remove --without-tcmalloc?
The patch (#4196) is reverted from release-11 to avoid an issue.
Just the revert isn't enough to fix the crash in the Debian package of 11.0. With the patch from #4193, then it no longer crashes, and the DEP8 tests pass.
Let me update that statement: the revert does seem enough in the sense that the crash no longer happens.
Description of problem:
glusterd from glusterfs-11 just dies on startup. With ASAN enabled I get
(Without ASAN, glibc malloc throws an assert at some stage in the glusterd initialization due to corruption.)
The exact command to reproduce the issue:
- The operating system / glusterfs version:
openSUSE Tumbleweed 20230701 gcc 13.1.1