Bug #5346

closed

rgw: invalid read from RGWFormatter_Plain::write_data

Added by Sage Weil almost 11 years ago. Updated almost 11 years ago.

Status: Resolved
Priority: Urgent
Target version: -
% Done: 0%
Source: Q/A
Severity: 3 - minor

Description

ubuntu@teuthology:/a/teuthology-2013-06-14_01:00:36-rgw-master-testing-basic/35856$ zless /log/valgrind/client.0.log.gz

  <unique>0x2</unique>
  <tid>38</tid>
  <kind>InvalidRead</kind>
  <what>Invalid read of size 4</what>
  <stack>
    <frame>
      <ip>0x64B714</ip>
      <obj>/usr/bin/radosgw</obj>
      <fn>RGWFormatter_Plain::write_data(char const*, ...)</fn>
      <dir>/srv/autobuild-ceph/gitbuilder.git/build/out~/ceph-0.64-428-gbcfbd0a/src/rgw</dir>
      <file>rgw_formats.cc</file>
      <line>217</line>
    </frame>
    <frame>
      <ip>0x64B9F8</ip>
      <obj>/usr/bin/radosgw</obj>
      <fn>RGWFormatter_Plain::dump_format(char const*, char const*, ...)</fn>
      <dir>/srv/autobuild-ceph/gitbuilder.git/build/out~/ceph-0.64-428-gbcfbd0a/src/rgw</dir>
      <file>rgw_formats.cc</file>
      <line>150</line>
    </frame>
    <frame>
      <ip>0x4F968B</ip>
      <obj>/usr/bin/radosgw</obj>
      <fn>RGWListBuckets_ObjStore_SWIFT::send_response_data(RGWUserBuckets&amp;)</fn>
      <dir>/srv/autobuild-ceph/gitbuilder.git/build/out~/ceph-0.64-428-gbcfbd0a/src/rgw</dir>
      <file>rgw_rest_swift.cc</file>
      <line>76</line>
    </frame>
    <frame>
      <ip>0x6334E4</ip>
      <obj>/usr/bin/radosgw</obj>
      <fn>RGWListBuckets::execute()</fn>
      <dir>/srv/autobuild-ceph/gitbuilder.git/build/out~/ceph-0.64-428-gbcfbd0a/src/rgw</dir>
      <file>rgw_op.cc</file>
      <line>705</line>
    </frame>
...

job was
ubuntu@teuthology:/a/teuthology-2013-06-14_01:00:36-rgw-master-testing-basic/35856$ cat orig.config.yaml 
kernel:
  kdb: true
  sha1: 6012c98c90e1d58949d029c221872d98746c2b17
machine_type: plana
nuke-on-error: true
overrides:
  ceph:
    conf:
      global:
        ms inject socket failures: 5000
      mon:
        debug mon: 20
        debug ms: 20
        debug paxos: 20
        lockdep: true
      osd:
        lockdep: true
        osd op thread timeout: 60
    fs: btrfs
    log-whitelist:
    - slow request
    sha1: bcfbd0a3ffae6947464d930f636c8b35d1331e9d
  install:
    ceph:
      sha1: bcfbd0a3ffae6947464d930f636c8b35d1331e9d
  s3tests:
    branch: master
  workunit:
    sha1: bcfbd0a3ffae6947464d930f636c8b35d1331e9d
roles:
- - mon.a
  - mon.c
  - osd.0
  - osd.1
  - osd.2
- - mon.b
  - mds.a
  - osd.3
  - osd.4
  - osd.5
  - client.0
tasks:
- chef: null
- clock.check: null
- install:
    ceph:
      flavor: notcmalloc
- ceph: null
- rgw:
    client.0:
      valgrind:
      - --tool=memcheck
- swift:
    client.0:
      rgw_server: client.0
Actions #1

Updated by Sage Weil almost 11 years ago

  • Project changed from Ceph to rgw
Actions #2

Updated by Ian Colle almost 11 years ago

  • Assignee set to Yehuda Sadeh
Actions #3

Updated by Sage Weil almost 11 years ago

  • Status changed from New to 12

this appears to be triggered by the swift test.. doesn't happen with s3tests or readwrite etc

also present on cuttlefish.

Actions #4

Updated by Yehuda Sadeh almost 11 years ago

well, swift is the only user of the plain formatter I guess.

Actions #5

Updated by Sage Weil almost 11 years ago

using a trivial implementation of strlen avoids this. unfortunately we can't whitelist the glibc strlen call because it is fully inline and not part of the stack seen by valgrind.

we could go with the trivial strlen() reimplementation, or whitelist the entire method (which means we won't catch any other bugs in this method, or callers passing in bad data)
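
The trade-off in comment #5, as an added example that is not part of the original ticket or of the Ceph fix: a byte-at-a-time strlen, plus address arithmetic showing how far a word-at-a-time scan would load past the terminator. It assumes the size-4 invalid read comes from such a word-wise scan; `simple_strlen`, `bytes_loaded_past_nul` and `demo_overread` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Byte-at-a-time length: reads s[0] .. s[len] and nothing after the NUL. */
static size_t simple_strlen(const char *s)
{
    const char *p = s;
    while (*p != '\0')
        p++;
    return (size_t)(p - s);
}

/*
 * How many bytes past the NUL terminator an aligned word-at-a-time scan
 * would load. Pure address arithmetic: nothing is read from memory.
 * `word` is the load width (assumption: 4, matching "Invalid read of size 4").
 */
static size_t bytes_loaded_past_nul(uintptr_t addr, size_t len, size_t word)
{
    uintptr_t nul = addr + len;                   /* address of the terminator */
    uintptr_t word_end = (nul / word + 1) * word; /* end of the word holding it */
    return (size_t)(word_end - nul - 1);
}

/* Constructed sample: a heap string in an allocation of exactly len + 1 bytes.
 * Returns the over-read a 4-byte scan would make on it, or -1 on failure. */
static long demo_overread(const char *text)
{
    size_t len = simple_strlen(text);
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return -1;
    memcpy(buf, text, len + 1);
    long past = (long)bytes_loaded_past_nul((uintptr_t)buf, simple_strlen(buf), 4);
    free(buf);
    return past;
}

int main(void)
{
    printf("simple_strlen(\"bucket\") = %zu\n", simple_strlen("bucket"));
    printf("4-byte scan would load %ld byte(s) past the NUL\n", demo_overread("bucket"));
    return 0;
}
```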

Actions #6

Updated by Sage Weil almost 11 years ago

  • Status changed from 12 to Fix Under Review
Actions #7

Updated by Yehuda Sadeh almost 11 years ago

  • Status changed from Fix Under Review to Resolved

Sage pushed a fix at commit:49ff63b1750789070a8c6fef830c9526ae0f6d9f
