diff options
| author | Pranith Kumar K <pkarampu@redhat.com> | 2017-06-06 14:58:36 +0530 |
|---|---|---|
| committer | Pranith Kumar K <pkarampu@redhat.com> | 2017-06-06 17:46:22 +0530 |
| commit | 4c68b2f81441a28292602957abc4eaaa7c11b518 (patch) | |
| tree | 695833007badfafb7c54c272968ee826c7cc762b /rpc | |
| parent | e9a7f90b29017cb406f7e263317253dfe0f3139b (diff) | |
Fix heap-buffer-overflow
This is the asan trace:
==26769==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000007b60 at pc 0x7ffff6e9429b bp 0x7ffff1afd800 sp 0x7ffff1afcfa8
WRITE of size 2 at 0x602000007b60 thread T1
#0 0x7ffff6e9429a (/lib64/libasan.so.3+0x5f29a)
#1 0x406b64 in removeDuplicateSubstr /root/gluster-block/rpc/block_svc_routines.c:147
#2 0x41ad4c in blockCreateCliFormatResponse /root/gluster-block/rpc/block_svc_routines.c:1570
#3 0x41ff91 in block_create_cli_1_svc /root/gluster-block/rpc/block_svc_routines.c:1826
#4 0x405e63 in gluster_block_cli_1 /root/gluster-block/rpc/rpcl/block_svc.c:132
#5 0x7ffff57d62a0 in svc_getreq_common (/lib64/libc.so.6+0x13a2a0)
#6 0x7ffff57d63e6 in svc_getreq_poll (/lib64/libc.so.6+0x13a3e6)
#7 0x7ffff57d9d00 in svc_run (/lib64/libc.so.6+0x13dd00)
#8 0x403c61 in glusterBlockCliThreadProc /root/gluster-block/daemon/gluster-blockd.c:130
#9 0x7ffff6c1e6c9 in start_thread (/lib64/libpthread.so.0+0x76c9)
#10 0x7ffff57a3f6e in clone (/lib64/libc.so.6+0x107f6e)
0x602000007b60 is located 0 bytes to the right of 16-byte region [0x602000007b50,0x602000007b60)
allocated by thread T1 here:
#0 0x7ffff6efc020 in calloc (/lib64/libasan.so.3+0xc7020)
#1 0x42d2c3 in gbAllocN /root/gluster-block/utils/utils.c:194
#2 0x406ae9 in removeDuplicateSubstr /root/gluster-block/rpc/block_svc_routines.c:138
#3 0x41ad4c in blockCreateCliFormatResponse /root/gluster-block/rpc/block_svc_routines.c:1570
#4 0x41ff91 in block_create_cli_1_svc /root/gluster-block/rpc/block_svc_routines.c:1826
#5 0x405e63 in gluster_block_cli_1 /root/gluster-block/rpc/rpcl/block_svc.c:132
#6 0x7ffff57d62a0 in svc_getreq_common (/lib64/libc.so.6+0x13a2a0)
#7 0x7ffff5a60a5f (/lib64/libc.so.6+0x3c4a5f)
Thread T1 created by T0 here:
#0 0x7ffff6e66488 in __interceptor_pthread_create (/lib64/libasan.so.3+0x31488)
#1 0x40545f in main /root/gluster-block/daemon/gluster-blockd.c:325
#2 0x7ffff56bc400 in __libc_start_main (/lib64/libc.so.6+0x20400)
Change-Id: Id16fa0c00223f7272c3c977efb268ba5d72bd04b
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Diffstat (limited to 'rpc')
| -rw-r--r-- | rpc/block_svc_routines.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/rpc/block_svc_routines.c b/rpc/block_svc_routines.c index 333584e..9e4d111 100644 --- a/rpc/block_svc_routines.c +++ b/rpc/block_svc_routines.c @@ -134,8 +134,8 @@ removeDuplicateSubstr(char **line) return; } - /* Allocate size for out. */ - if (GB_ALLOC_N(out, strlen(temp)) < 0) { + /* Allocate size for out including trailing space and \0. */ + if (GB_ALLOC_N(out, strlen(temp) + strlen(" ") + 1) < 0) { return; } |