[PATCH lttng-tools] Fix: lttng-crash: detect truncated files

[PATCH lttng-tools] Fix: lttng-crash: detect truncated files

[Mathieu Desnoyers]

Detect truncated files which size is smaller than the ring buffer
header.

This can be caused by a situation where sessiond is killed with SIGKILL
while doing a metadata regenerate command.

Without this fix, lttng-crash is killed with a "Bus error" when
encountering a truncated file.

Fixes: #1166
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
---
 src/bin/lttng-crash/lttng-crash.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/bin/lttng-crash/lttng-crash.c b/src/bin/lttng-crash/lttng-crash.c
index 298ed71a..47358df9 100644
--- a/src/bin/lttng-crash/lttng-crash.c
+++ b/src/bin/lttng-crash/lttng-crash.c
@@ -498,7 +498,8 @@ int check_magic(const uint8_t *magic)
 }
 
 static
-int get_crash_layout(struct lttng_crash_layout *layout, int fd)
+int get_crash_layout(struct lttng_crash_layout *layout, int fd,
+		const char *input_file)
 {
 	char *map;
 	int ret = 0, unmapret;
@@ -509,7 +510,17 @@ int get_crash_layout(struct lttng_crash_layout *layout, int fd)
 	const struct crash_abi_unknown *abi;
 	uint16_t endian;
 	enum lttng_crash_type layout_type;
+	struct stat stat;
 
+	ret = fstat(fd, &stat);
+	if (ret < 0) {
+		PERROR("fstat");
+		return -1;
+	}
+	if (stat.st_size < RB_CRASH_DUMP_ABI_LEN) {
+		ERR("File: '%s' truncated", input_file);
+		return -1;
+	}
 	map = mmap(NULL, RB_CRASH_DUMP_ABI_LEN, PROT_READ, MAP_PRIVATE,
 		fd, 0);
 	if (map == MAP_FAILED) {
@@ -838,7 +849,7 @@ int extract_file(int output_dir_fd, const char *output_file,
 	}
 
 	/* Query the crash ABI layout */
-	ret = get_crash_layout(&layout, fd_src);
+	ret = get_crash_layout(&layout, fd_src, input_file);
 	if (ret) {
 		goto close_src;
 	}
-- 
2.11.0

Re: [PATCH lttng-tools] Fix: lttng-crash: detect truncated files

[Jérémie Galarneau]

Merged in master, stable-2.11, stable-2.10, and stable-2.9. Thanks!

Jérémie

On Mon, Sep 23, 2019 at 02:31:33PM -0400, Mathieu Desnoyers wrote:
> Detect truncated files which size is smaller than the ring buffer
> header.
> 
> This can be caused by a situation where sessiond is killed with SIGKILL
> while doing a metadata regenerate command.
> 
> Without this fix, lttng-crash is killed with a "Bus error" when
> encountering a truncated file.
> 
> Fixes: #1166
> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
> ---
>  src/bin/lttng-crash/lttng-crash.c | 15 +++++++++++++--
>  1 file changed, 13 insertions(+), 2 deletions(-)
> 
> diff --git a/src/bin/lttng-crash/lttng-crash.c b/src/bin/lttng-crash/lttng-crash.c
> index 298ed71a..47358df9 100644
> --- a/src/bin/lttng-crash/lttng-crash.c
> +++ b/src/bin/lttng-crash/lttng-crash.c
> @@ -498,7 +498,8 @@ int check_magic(const uint8_t *magic)
>  }
>  
>  static
> -int get_crash_layout(struct lttng_crash_layout *layout, int fd)
> +int get_crash_layout(struct lttng_crash_layout *layout, int fd,
> +		const char *input_file)
>  {
>  	char *map;
>  	int ret = 0, unmapret;
> @@ -509,7 +510,17 @@ int get_crash_layout(struct lttng_crash_layout *layout, int fd)
>  	const struct crash_abi_unknown *abi;
>  	uint16_t endian;
>  	enum lttng_crash_type layout_type;
> +	struct stat stat;
>  
> +	ret = fstat(fd, &stat);
> +	if (ret < 0) {
> +		PERROR("fstat");
> +		return -1;
> +	}
> +	if (stat.st_size < RB_CRASH_DUMP_ABI_LEN) {
> +		ERR("File: '%s' truncated", input_file);
> +		return -1;
> +	}
>  	map = mmap(NULL, RB_CRASH_DUMP_ABI_LEN, PROT_READ, MAP_PRIVATE,
>  		fd, 0);
>  	if (map == MAP_FAILED) {
> @@ -838,7 +849,7 @@ int extract_file(int output_dir_fd, const char *output_file,
>  	}
>  
>  	/* Query the crash ABI layout */
> -	ret = get_crash_layout(&layout, fd_src);
> +	ret = get_crash_layout(&layout, fd_src, input_file);
>  	if (ret) {
>  		goto close_src;
>  	}
> -- 
> 2.11.0
>