Actions
Bug #18830
closedCoverity: bad iterator dereference in Locker::acquire_locks
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
MDS
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
** CID 1400092: (INVALIDATE_ITERATOR) /home/brad/working/src/ceph/src/mds/Locker.cc: 474 in Locker::acquire_locks(boost::intrusive_ptr<MDRequestImpl> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::map<SimpleLock *, int, std::less<SimpleLock *>, std::allocator<std::pair<SimpleLock *const , int>>> *, CInode *, bool)() /home/brad/working/src/ceph/src/mds/Locker.cc: 474 in Locker::acquire_locks(boost::intrusive_ptr<MDRequestImpl> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::map<SimpleLock *, int, std::less<SimpleLock *>, std::allocator<std::pair<SimpleLock *const , int>>> *, CInode *, bool)() ________________________________________________________________________________________________________ *** CID 1400092: (INVALIDATE_ITERATOR) /home/brad/working/src/ceph/src/mds/Locker.cc: 474 in Locker::acquire_locks(boost::intrusive_ptr<MDRequestImpl> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::map<SimpleLock *, int, std::less<SimpleLock *>, std::allocator<std::pair<SimpleLock *const , int>>> *, CInode *, bool)() 468 dout(10) << " already rdlocked " << *have << " " << *have->get_parent() << dendl; 469 continue; 470 } 471 } 472 473 // hose any stray locks >>> CID 1400092: (INVALIDATE_ITERATOR) >>> Dereferencing iterator "existing" though it is already past the end of its container. 474 if (*existing == *p) { 475 assert(need_wrlock || need_remote_wrlock); 476 SimpleLock *lock = *existing; 477 if (mdr->wrlocks.count(lock)) { 478 if (!need_wrlock) 479 dout(10) << " unlocking extra " << *lock << " " << *lock->get_parent() << dendl; /home/brad/working/src/ceph/src/mds/Locker.cc: 474 in Locker::acquire_locks(boost::intrusive_ptr<MDRequestImpl> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::set<SimpleLock *, std::less<SimpleLock *>, std::allocator<SimpleLock *>> &, std::map<SimpleLock *, int, std::less<SimpleLock *>, std::allocator<std::pair<SimpleLock *const , int>>> *, CInode *, bool)() 468 dout(10) << " already rdlocked " << *have << " " << *have->get_parent() << dendl; 469 continue; 470 } 471 } 472 473 // hose any stray locks >>> CID 1400092: (INVALIDATE_ITERATOR) >>> Dereferencing iterator "existing" though it is already past the end of its container. 474 if (*existing == *p) { 475 assert(need_wrlock || need_remote_wrlock); 476 SimpleLock *lock = *existing; 477 if (mdr->wrlocks.count(lock)) { 478 if (!need_wrlock) 479 dout(10) << " unlocking extra " << *lock << " " << *lock->get_parent() << dendl;
I'm not seeing anything that prevents the ++existing in the next block taking the iterator past the end of the container, so I'm inclined to believe coverity on this one.
Updated by John Spray about 7 years ago
- Status changed from New to Fix Under Review
Updated by John Spray about 7 years ago
- Status changed from Fix Under Review to Resolved
Actions