Actions
Bug #13816
closedCrash in cephfs-journal-tool
% Done:
0%
Source:
other
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
> cephfs-journal-tool journal export backup.bin > journal is 1841503004303~12076 > *** buffer overflow detected ***: cephfs-journal-tool terminated > ======= Backtrace: ========= > /lib64/libc.so.6(__fortify_fail+0x37)[0x7f175ef12a57] > /lib64/libc.so.6(+0x10bc10)[0x7f175ef10c10] > /lib64/libc.so.6(+0x10b119)[0x7f175ef10119] > /lib64/libc.so.6(_IO_vfprintf+0x2f00)[0x7f175ee4f430] > /lib64/libc.so.6(__vsprintf_chk+0x88)[0x7f175ef101a8] > /lib64/libc.so.6(__sprintf_chk+0x7d)[0x7f175ef100fd] > cephfs-journal-tool(_ZN6Dumper4dumpEPKc+0x630)[0x7f1763374720] > cephfs-journal-tool(_ZN11JournalTool14journal_exportERKSsb+0x294)[0x7f1763357874] > cephfs-journal-tool(_ZN11JournalTool12main_journalERSt6vectorIPKcSaIS2_EE+0x105)[0x7f17633580c5] > cephfs-journal-tool(_ZN11JournalTool4mainERSt6vectorIPKcSaIS2_EE+0x56e)[0x7f17633514de] > cephfs-journal-tool(main+0x1de)[0x7f1763350d4e] > /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f175ee26af5] > cephfs-journal-tool(+0x1ccae9)[0x7f1763356ae9] > ... > -3> 2015-11-17 10:43:00.874529 7f174db4b700 1 -- > xxx.xxx.xxx.xxx:6802/3019233561 <== osd.9 xxx.xxx.xxx.xxx:6808/13662 1 ==== > osd_op_reply(4 200.0006b309 [stat] v0'0 uv0 ack = -2 ((2) No such file or > directory)) v6 ==== 179+0+0 (2303160312 0 0) 0x7f1767c719c0 con > 0x7f1767d194a0
The dumper uses a fixed size (arbitrarily 200 bytes) header, but the format string was updated. This was probably working in our tests because our journals have less data and end up with fewer digits in their numbers.
Updated by John Spray over 8 years ago
- Status changed from New to Fix Under Review
Updated by Zheng Yan over 8 years ago
- Status changed from Fix Under Review to Resolved
Actions