From: tang.wenjun3@zte.com.cn
To: Christophe Varoqui <christophe.varoqui@opensvc.com>
Cc: zhang.kai16@zte.com.cn, dm-devel@redhat.com,
10144149 <tang.wenjun3@zte.com.cn>
Subject: [PATCH] multipathd: "show map mpathx json" would cause realloc error possibly
Date: Fri, 14 Oct 2016 11:13:11 +0800 [thread overview]
Message-ID: <1476414791-8996-1-git-send-email-tang.wenjun3@zte.com.cn> (raw)
From: 10144149 <tang.wenjun3@zte.com.cn>
Problem: multipathd dead when we run "show map spathx json" command with
system messages as follows:
Oct 13 11:37:30 rhel7-1 multipathd: *** Error in `/sbin/multipathd': realloc(): invalid next size: 0x00007f8cf8004210 ***
Oct 13 11:37:30 rhel7-1 multipathd: ======= Backtrace: =========
Oct 13 11:37:30 rhel7-1 multipathd: /lib64/libc.so.6(+0x7bc67)[0x7f8d06171c67]
Oct 13 11:37:30 rhel7-1 multipathd: /lib64/libc.so.6(+0x7fb17)[0x7f8d06175b17]
Oct 13 11:37:30 rhel7-1 multipathd: /lib64/libc.so.6(realloc+0xd2)[0x7f8d06176702]
Reasons: in function snprint_multipath_fields_json
vector_foreach_slot (pgp->paths, pp, j) {
fwd += snprint_path(buff + fwd, len - fwd, PRINT_JSON_PATH, pp, 0);
if (fwd > len)
return fwd;
fwd += snprint_json_elem_footer(buff + fwd,
len - fwd, 3, j + 1 == VECTOR_SIZE(pgp->paths));
if (fwd > len)
return fwd;
}
snprint_path (char * line, int len, char * format, struct path * pp, int pad)
when len - fwd = 0 , The len is not restricted in snprint_path,and the Memory of line is
rewritten in snprint_path, it cause realloc() failed , so fwd > len modify
fwd >= len.
Other commands also have this type of risk.
Signed-off-by: 10144149 <tang.wenjun3@zte.com.cn>
---
libmultipath/print.c | 131 ++++++++++++++++++++++++++-------------------------
1 file changed, 66 insertions(+), 65 deletions(-)
diff --git a/libmultipath/print.c b/libmultipath/print.c
index 9aa41ad..78c065f 100644
--- a/libmultipath/print.c
+++ b/libmultipath/print.c
@@ -1004,11 +1004,11 @@ snprint_multipath_topology (char * buff, int len, struct multipath * mpp,
c += sprintf(c, "%c[%dm", 0x1B, 0); /* bold off */
fwd += snprint_multipath(buff + fwd, len - fwd, style, mpp, 1);
- if (fwd > len)
+ if (fwd >= len)
return len;
fwd += snprint_multipath(buff + fwd, len - fwd, PRINT_MAP_PROPS, mpp,
1);
- if (fwd > len)
+ if (fwd >= len)
return len;
if (!mpp->pg)
@@ -1022,7 +1022,7 @@ snprint_multipath_topology (char * buff, int len, struct multipath * mpp,
} else
strcpy(f, "`-+- " PRINT_PG_INDENT);
fwd += snprint_pathgroup(buff + fwd, len - fwd, fmt, pgp);
- if (fwd > len)
+ if (fwd >= len)
return len;
vector_foreach_slot (pgp->paths, pp, i) {
@@ -1035,13 +1035,14 @@ snprint_multipath_topology (char * buff, int len, struct multipath * mpp,
else
strcpy(f, " `- " PRINT_PATH_INDENT);
fwd += snprint_path(buff + fwd, len - fwd, fmt, pp, 1);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
}
return fwd;
}
+
static int
snprint_json (char * buff, int len, int indent, char *json_str)
{
@@ -1049,7 +1050,7 @@ snprint_json (char * buff, int len, int indent, char *json_str)
for (i = 0; i < indent; i++) {
fwd += snprintf(buff + fwd, len - fwd, PRINT_JSON_INDENT);
- if (fwd > len)
+ if (fwd >= len)
return fwd;
}
@@ -1063,7 +1064,7 @@ snprint_json_header (char * buff, int len)
int fwd = 0;
fwd += snprint_json(buff, len, 0, PRINT_JSON_START_ELEM);
- if (fwd > len)
+ if (fwd >= len)
return fwd;
fwd += snprintf(buff + fwd, len - fwd, PRINT_JSON_START_VERSION,
@@ -1078,7 +1079,7 @@ snprint_json_elem_footer (char * buff, int len, int indent, int last)
for (i = 0; i < indent; i++) {
fwd += snprintf(buff + fwd, len - fwd, PRINT_JSON_INDENT);
- if (fwd > len)
+ if (fwd >= len)
return fwd;
}
@@ -1098,50 +1099,50 @@ snprint_multipath_fields_json (char * buff, int len,
struct pathgroup *pgp;
fwd += snprint_multipath(buff, len, PRINT_JSON_MAP, mpp, 0);
- if (fwd > len)
+ if (fwd >= len)
return fwd;
fwd += snprint_json(buff + fwd, len - fwd, 2, PRINT_JSON_START_GROUPS);
- if (fwd > len)
+ if (fwd >= len)
return fwd;
vector_foreach_slot (mpp->pg, pgp, i) {
pgp->selector = mpp->selector;
fwd += snprint_pathgroup(buff + fwd, len - fwd, PRINT_JSON_GROUP, pgp);
- if (fwd > len)
+ if (fwd >= len)
return fwd;
fwd += snprintf(buff + fwd, len - fwd, PRINT_JSON_GROUP_NUM, i + 1);
- if (fwd > len)
+ if (fwd >= len)
return fwd;
fwd += snprint_json(buff + fwd, len - fwd, 3, PRINT_JSON_START_PATHS);
- if (fwd > len)
+ if (fwd >= len)
return fwd;
vector_foreach_slot (pgp->paths, pp, j) {
fwd += snprint_path(buff + fwd, len - fwd, PRINT_JSON_PATH, pp, 0);
- if (fwd > len)
+ if (fwd >= len)
return fwd;
fwd += snprint_json_elem_footer(buff + fwd,
len - fwd, 3, j + 1 == VECTOR_SIZE(pgp->paths));
- if (fwd > len)
+ if (fwd >= len)
return fwd;
}
fwd += snprint_json(buff + fwd, len - fwd, 0, PRINT_JSON_END_ARRAY);
- if (fwd > len)
+ if (fwd >= len)
return fwd;
fwd += snprint_json_elem_footer(buff + fwd,
len - fwd, 2, i + 1 == VECTOR_SIZE(mpp->pg));
- if (fwd > len)
+ if (fwd >= len)
return fwd;
}
fwd += snprint_json(buff + fwd, len - fwd, 0, PRINT_JSON_END_ARRAY);
- if (fwd > len)
+ if (fwd >= len)
return fwd;
fwd += snprint_json_elem_footer(buff + fwd, len - fwd, 1, last);
@@ -1154,23 +1155,23 @@ snprint_multipath_map_json (char * buff, int len,
int fwd = 0;
fwd += snprint_json_header(buff, len);
- if (fwd > len)
+ if (fwd >= len)
return len;
fwd += snprint_json(buff + fwd, len - fwd, 0, PRINT_JSON_START_MAP);
- if (fwd > len)
+ if (fwd >= len)
return len;
fwd += snprint_multipath_fields_json(buff + fwd, len - fwd, mpp, 1);
- if (fwd > len)
+ if (fwd >= len)
return len;
fwd += snprint_json(buff + fwd, len - fwd, 0, "\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
fwd += snprint_json(buff + fwd, len - fwd, 0, PRINT_JSON_END_LAST);
- if (fwd > len)
+ if (fwd >= len)
return len;
return fwd;
}
@@ -1182,26 +1183,26 @@ snprint_multipath_topology_json (char * buff, int len, struct vectors * vecs)
struct multipath * mpp;
fwd += snprint_json_header(buff, len);
- if (fwd > len)
+ if (fwd >= len)
return len;
fwd += snprint_json(buff + fwd, len - fwd, 1, PRINT_JSON_START_MAPS);
- if (fwd > len)
+ if (fwd >= len)
return len;
vector_foreach_slot(vecs->mpvec, mpp, i) {
fwd += snprint_multipath_fields_json(buff + fwd, len - fwd,
mpp, i + 1 == VECTOR_SIZE(vecs->mpvec));
- if (fwd > len)
+ if (fwd >= len)
return len;
}
fwd += snprint_json(buff + fwd, len - fwd, 0, PRINT_JSON_END_ARRAY);
- if (fwd > len)
+ if (fwd >= len)
return len;
fwd += snprint_json(buff + fwd, len - fwd, 0, PRINT_JSON_END_LAST);
- if (fwd > len)
+ if (fwd >= len)
return len;
return fwd;
}
@@ -1225,16 +1226,16 @@ snprint_hwentry (struct config *conf, char * buff, int len, struct hwentry * hwe
return 0;
fwd += snprintf(buff + fwd, len - fwd, "\tdevice {\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
iterate_sub_keywords(rootkw, kw, i) {
fwd += snprint_keyword(buff + fwd, len - fwd, "\t\t%k %v\n",
kw, hwe);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
fwd += snprintf(buff + fwd, len - fwd, "\t}\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
return fwd;
}
@@ -1252,15 +1253,15 @@ snprint_hwtable (struct config *conf, char * buff, int len, vector hwtable)
return 0;
fwd += snprintf(buff + fwd, len - fwd, "devices {\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
vector_foreach_slot (hwtable, hwe, i) {
fwd += snprint_hwentry(conf, buff + fwd, len - fwd, hwe);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
fwd += snprintf(buff + fwd, len - fwd, "}\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
return fwd;
}
@@ -1278,16 +1279,16 @@ snprint_mpentry (struct config *conf, char * buff, int len, struct mpentry * mpe
return 0;
fwd += snprintf(buff + fwd, len - fwd, "\tmultipath {\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
iterate_sub_keywords(rootkw, kw, i) {
fwd += snprint_keyword(buff + fwd, len - fwd, "\t\t%k %v\n",
kw, mpe);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
fwd += snprintf(buff + fwd, len - fwd, "\t}\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
return fwd;
}
@@ -1305,15 +1306,15 @@ snprint_mptable (struct config *conf, char * buff, int len, vector mptable)
return 0;
fwd += snprintf(buff + fwd, len - fwd, "multipaths {\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
vector_foreach_slot (mptable, mpe, i) {
fwd += snprint_mpentry(conf, buff + fwd, len - fwd, mpe);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
fwd += snprintf(buff + fwd, len - fwd, "}\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
return fwd;
}
@@ -1331,19 +1332,19 @@ snprint_overrides (struct config *conf, char * buff, int len, struct hwentry *ov
return 0;
fwd += snprintf(buff + fwd, len - fwd, "overrides {\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
if (!overrides)
goto out;
iterate_sub_keywords(rootkw, kw, i) {
fwd += snprint_keyword(buff + fwd, len - fwd, "\t%k %v\n",
kw, NULL);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
out:
fwd += snprintf(buff + fwd, len - fwd, "}\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
return fwd;
}
@@ -1361,17 +1362,17 @@ snprint_defaults (struct config *conf, char * buff, int len)
return 0;
fwd += snprintf(buff + fwd, len - fwd, "defaults {\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
iterate_sub_keywords(rootkw, kw, i) {
fwd += snprint_keyword(buff + fwd, len - fwd, "\t%k %v\n",
kw, NULL);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
fwd += snprintf(buff + fwd, len - fwd, "}\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
return fwd;
}
@@ -1508,7 +1509,7 @@ snprint_blacklist (struct config *conf, char * buff, int len)
return 0;
fwd += snprintf(buff + fwd, len - fwd, "blacklist {\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
vector_foreach_slot (conf->blist_devnode, ble, i) {
@@ -1517,7 +1518,7 @@ snprint_blacklist (struct config *conf, char * buff, int len)
return 0;
fwd += snprint_keyword(buff + fwd, len - fwd, "\t%k %v\n",
kw, ble);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
vector_foreach_slot (conf->blist_wwid, ble, i) {
@@ -1526,7 +1527,7 @@ snprint_blacklist (struct config *conf, char * buff, int len)
return 0;
fwd += snprint_keyword(buff + fwd, len - fwd, "\t%k %v\n",
kw, ble);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
vector_foreach_slot (conf->blist_property, ble, i) {
@@ -1535,7 +1536,7 @@ snprint_blacklist (struct config *conf, char * buff, int len)
return 0;
fwd += snprint_keyword(buff + fwd, len - fwd, "\t%k %v\n",
kw, ble);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
rootkw = find_keyword(conf->keywords, rootkw->sub, "device");
@@ -1544,28 +1545,28 @@ snprint_blacklist (struct config *conf, char * buff, int len)
vector_foreach_slot (conf->blist_device, bled, i) {
fwd += snprintf(buff + fwd, len - fwd, "\tdevice {\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
kw = find_keyword(conf->keywords, rootkw->sub, "vendor");
if (!kw)
return 0;
fwd += snprint_keyword(buff + fwd, len - fwd, "\t\t%k %v\n",
kw, bled);
- if (fwd > len)
+ if (fwd >= len)
return len;
kw = find_keyword(conf->keywords, rootkw->sub, "product");
if (!kw)
return 0;
fwd += snprint_keyword(buff + fwd, len - fwd, "\t\t%k %v\n",
kw, bled);
- if (fwd > len)
+ if (fwd >= len)
return len;
fwd += snprintf(buff + fwd, len - fwd, "\t}\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
}
fwd += snprintf(buff + fwd, len - fwd, "}\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
return fwd;
}
@@ -1585,7 +1586,7 @@ snprint_blacklist_except (struct config *conf, char * buff, int len)
return 0;
fwd += snprintf(buff + fwd, len - fwd, "blacklist_exceptions {\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
vector_foreach_slot (conf->elist_devnode, ele, i) {
@@ -1594,7 +1595,7 @@ snprint_blacklist_except (struct config *conf, char * buff, int len)
return 0;
fwd += snprint_keyword(buff + fwd, len - fwd, "\t%k %v\n",
kw, ele);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
vector_foreach_slot (conf->elist_wwid, ele, i) {
@@ -1603,7 +1604,7 @@ snprint_blacklist_except (struct config *conf, char * buff, int len)
return 0;
fwd += snprint_keyword(buff + fwd, len - fwd, "\t%k %v\n",
kw, ele);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
vector_foreach_slot (conf->elist_property, ele, i) {
@@ -1612,7 +1613,7 @@ snprint_blacklist_except (struct config *conf, char * buff, int len)
return 0;
fwd += snprint_keyword(buff + fwd, len - fwd, "\t%k %v\n",
kw, ele);
- if (fwd > len)
+ if (fwd >= len)
return len;
}
rootkw = find_keyword(conf->keywords, rootkw->sub, "device");
@@ -1621,28 +1622,28 @@ snprint_blacklist_except (struct config *conf, char * buff, int len)
vector_foreach_slot (conf->elist_device, eled, i) {
fwd += snprintf(buff + fwd, len - fwd, "\tdevice {\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
kw = find_keyword(conf->keywords, rootkw->sub, "vendor");
if (!kw)
return 0;
fwd += snprint_keyword(buff + fwd, len - fwd, "\t\t%k %v\n",
kw, eled);
- if (fwd > len)
+ if (fwd >= len)
return len;
kw = find_keyword(conf->keywords, rootkw->sub, "product");
if (!kw)
return 0;
fwd += snprint_keyword(buff + fwd, len - fwd, "\t\t%k %v\n",
kw, eled);
- if (fwd > len)
+ if (fwd >= len)
return len;
fwd += snprintf(buff + fwd, len - fwd, "\t}\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
}
fwd += snprintf(buff + fwd, len - fwd, "}\n");
- if (fwd > len)
+ if (fwd >= len)
return len;
return fwd;
}
@@ -1674,7 +1675,7 @@ snprint_status (char * buff, int len, struct vectors *vecs)
fwd += snprintf(buff + fwd, len - fwd, "\npaths: %d\nbusy: %s\n",
monitored_count, is_uevent_busy()? "True" : "False");
- if (fwd > len)
+ if (fwd >= len)
return len;
return fwd;
}
@@ -1740,7 +1741,7 @@ snprint_devices (struct config *conf, char * buff, int len, struct vectors *vecs
}
closedir(blkdir);
- if (fwd > len)
+ if (fwd >= len)
return len;
return fwd;
}
--
2.8.1.windows.1
--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel
next reply other threads:[~2016-10-14 3:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-14 3:13 tang.wenjun3 [this message]
[not found] <OF5BF4BDA1.F17A7CBD-ON4825805E.00146960-4825805E.001E3DAC@LocalDomain>
[not found] ` <OF40C7686E.999CA110-ON4825805E.001EC62D-4825805E.002071CC@zte.com.cn>
2016-11-01 17:13 ` [PATCH] multipathd: "show map mpathx json" would cause realloc error possibly Benjamin Marzinski
2016-11-02 1:41 tang.wenjun3
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1476414791-8996-1-git-send-email-tang.wenjun3@zte.com.cn \
--to=tang.wenjun3@zte.com.cn \
--cc=christophe.varoqui@opensvc.com \
--cc=dm-devel@redhat.com \
--cc=zhang.kai16@zte.com.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.