* [Drbd-dev] [Igor Genibel] Bug#310993: reproductible segfault when parsing the config file
@ 2005-05-30 8:22 Cyril Bouthors
2005-05-30 17:15 ` Lars Ellenberg
0 siblings, 1 reply; 2+ messages in thread
From: Cyril Bouthors @ 2005-05-30 8:22 UTC (permalink / raw)
To: drbd-dev; +Cc: Igor Genibel
[-- Attachment #1.1: Type: text/plain, Size: 381 bytes --]
Igor has found a bug in 0.7.10. drbdadm fails when the config file is
bigger than 4798 bytes, which is the default:
root@wide:~# drbdadm -d adjust all
Segmentation fault
root@wide:~# ls -lh /etc/drbd.conf
-rw-r--r-- 1 root root 11K 2005-05-30 11:18 /etc/drbd.conf
root@wide:~#
I've marked this Debian bug as "forwarded to upstream". Please notice
me when it's fixed.
Thanks.
[-- Attachment #1.2: Type: message/rfc822, Size: 3410 bytes --]
[-- Attachment #1.2.1: Type: multipart/mixed, Size: 1 bytes --]
From: Igor Genibel <igenibel@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#310993: reproductible segfault when parsing the config file
Date: Fri, 27 May 2005 17:20:00 +0200
Message-ID: <m1Dbgcy-005YcoC@localhost.localdomain>
[-- Attachment #2: Type: text/plain, Size: 1753 bytes --]
Package: drbd0.7-utils
Version: 0.7.10-3
Severity: normal
Hi,
It seems that the config file size is limited around 4798 bytes. This
really strange.
Here are to two config files that only differ from one byte.
With the first one (named first) here is the strace output:
[...]
open("/etc/drbd-07.conf", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/etc/drbd.conf", O_RDONLY) = 3
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbffff078) = -1 ENOTTY
(Inappropriate ioctl for device)
fstat64(3, {st_mode=S_IFREG|0644, st_size=4598, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7fe8000
read(3, "# \n# on-io-error pass_on;\n# "..., 8192) = 4598
read(3, "", 4096) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
With the second one (named second) here is the strace output:
[...]
write(2, "/dev/drbd0", 10/dev/drbd0) = 10
write(2, " ", 1 ) = 1
write(2, "primary", 7primary) = 7
write(2, "\' terminated with exit code 20\n", 31' terminated with exit
code 20
) = 31
write(2, "drbdadm aborting\n", 17drbdadm aborting
) = 17
exit_group(20) = ?
It exists abnormaly because of the tests. If I use the initscript it
works well with the second config file.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-1-686
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)
Versions of packages drbd0.7-utils depends on:
ii debconf 1.4.49 Debian configuration management sy
-- no debconf information
[-- Attachment #3: 1.drbd.conf.gz --]
[-- Type: application/octet-stream, Size: 351 bytes --]
[-- Attachment #4: 2.drbd.conf.gz --]
[-- Type: application/octet-stream, Size: 350 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Drbd-dev] [Igor Genibel] Bug#310993: reproductible segfault when parsing the config file
2005-05-30 8:22 [Drbd-dev] [Igor Genibel] Bug#310993: reproductible segfault when parsing the config file Cyril Bouthors
@ 2005-05-30 17:15 ` Lars Ellenberg
0 siblings, 0 replies; 2+ messages in thread
From: Lars Ellenberg @ 2005-05-30 17:15 UTC (permalink / raw)
To: Cyril Bouthors; +Cc: Igor Genibel, drbd-dev
On Mon, May 30, 2005 at 11:22:17AM +0300, Cyril Bouthors wrote:
> Igor has found a bug in 0.7.10. drbdadm fails when the config file is
> bigger than 4798 bytes, which is the default:
>
> root@wide:~# drbdadm -d adjust all
> Segmentation fault
> root@wide:~# ls -lh /etc/drbd.conf
> -rw-r--r-- 1 root root 11K 2005-05-30 11:18 /etc/drbd.conf
> root@wide:~#
>
> I've marked this Debian bug as "forwarded to upstream". Please notice
> me when it's fixed.
thanks for the heads up,
quoting from a recent commit message:
* fixed flex input buffer overflow:
drbdadm_scanner.fl produced tokens of arbitrary length due to excessive use
of "+" and "*" modifiers. Now these are replaced with "{x,y}" modifiers, so
it should no longer segfault.
Though it may now produce parse errors where it suceeded before, if you
happen to use 90 character long resource names or the like.
drbd-0.7.11 is about to be officially released within the next two days.
(unless we find some other stopper bug).
cheers,
: Lars Ellenberg Tel +43-1-8178292-0 :
: LINBIT Information Technologies GmbH Fax +43-1-8178292-82 :
: Schoenbrunner Str. 244, A-1120 Vienna/Europe http://www.linbit.com :
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2005-05-30 17:15 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-05-30 8:22 [Drbd-dev] [Igor Genibel] Bug#310993: reproductible segfault when parsing the config file Cyril Bouthors
2005-05-30 17:15 ` Lars Ellenberg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox