Details
-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
3
-
9223372036854775807
Description
With the stock 3.10 kernel, hai_dump_data_field will do a stack buffer overrun when cat'ing /proc/fs/lustre/.../hsm/actions if an action has some data in it.
On that kernel, these 2 snprintf:
cnt = snprintf(buffer, 1, "%.2X", 54);
cnt = snprintf(buffer, 2, "%.2X", 54);
will return 2 instead of 0 and 1 respectively. The strings generated are correct, with 0 and 1 character followed by NUL, respectively.
The coordinator code calls hai_dump_data_field with 12 bytes in the buffer. The last byte is printed incompletely to make room for the terminating NUL. However since that version of the kernel returns that 2 characters were written, when hai_dump_data_field writes the final NUL, it does it outside the reserved buffer, in the 13th byte. This stack buffer overrun hangs my VM.
This doesn't happen on CentOS 6.
Attachments
Activity
| Link | New: This issue is duplicated by SEA-353 [ SEA-353 ] |
| Link | New: This issue is related to LDEV-341 [ LDEV-341 ] |
| Link | New: This issue is related to LDEV-367 [ LDEV-367 ] |
| Link | New: This issue is related to JFC-17 [ JFC-17 ] |
| Link | Original: This issue is related to JFC-21 [ JFC-21 ] |
| Link | New: This issue is related to JFC-21 [ JFC-21 ] |
| Link | New: This issue is related to LDEV-301 [ LDEV-301 ] |
| Labels | New: cea |
| Fix Version/s | New: Lustre 2.9.0 [ 11891 ] | |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
| Assignee | Original: WC Triage [ wc-triage ] | New: John Hammond [ jhammond ] |