-
Bug
-
Resolution: Duplicate
-
Minor
-
None
-
Lustre 2.12.2
-
None
-
3
-
9223372036854775807
Issue found in b2_12. This issue lead to a sanity failure: sanity: FAIL: test_60aa old llog_print failed
The wrong variable scope is used to assign default values to data.ioc_inlbuf2 and data.ioc_inlbuf3 in jt_llog_print()
int jt_llog_print(int argc, char **argv)
{
struct obd_ioctl_data data;
char rawbuf[MAX_IOC_BUFLEN], *buf = rawbuf;
int rc;
if (argc != 2 && argc != 4)
return CMD_HELP;
memset(&data, 0, sizeof(data));
data.ioc_dev = cur_device;
data.ioc_inllen1 = strlen(argv[1]) + 1;
data.ioc_inlbuf1 = argv[1];
if (argc == 4) {
data.ioc_inllen2 = strlen(argv[2]) + 1;
data.ioc_inlbuf2 = argv[2];
data.ioc_inllen3 = strlen(argv[3]) + 1;
data.ioc_inlbuf3 = argv[3];
} else {
char from[2] = "1", to[3] = "-1";
data.ioc_inllen2 = strlen(from) + 1;
data.ioc_inlbuf2 = from;
data.ioc_inllen3 = strlen(to) + 1;
data.ioc_inlbuf3 = to;
}
Declaring "from" and "to" inside the else block leads to undefined behavior.
For example, with gcc 7.4.1 on sles 15 those buffers contain an empty string after exiting the else block.
int jt_llog_print(int argc, char **argv)
{
struct obd_ioctl_data data;
char rawbuf[MAX_IOC_BUFLEN], *buf = rawbuf;
int rc;
if (argc != 2 && argc != 4)
return CMD_HELP;
memset(&data, 0, sizeof(data));
data.ioc_dev = cur_device;
data.ioc_inllen1 = strlen(argv[1]) + 1;
data.ioc_inlbuf1 = argv[1];
printf("argc: %d\n", argc);
if (argc == 4) {
data.ioc_inllen2 = strlen(argv[2]) + 1;
data.ioc_inlbuf2 = argv[2];
data.ioc_inllen3 = strlen(argv[3]) + 1;
data.ioc_inlbuf3 = argv[3];
} else {
char from[2] = "1", to[3] = "-1";
data.ioc_inllen2 = strlen(from) + 1;
data.ioc_inlbuf2 = from;
data.ioc_inllen3 = strlen(to) + 1;
data.ioc_inlbuf3 = to;
}
printf("from: %s to: %s\n", data.ioc_inlbuf2, data.ioc_inlbuf3);
sles15s01:/home/build/lustre-filesystem/lustre/tests # ../utils/lctl --device MGS llog_print lustre-client argc: 2 from: to:
- is related to
-
-
- Resolved
-