The crash I describe below is caused by an off-by-one error in accurate.c...
In accurate_cmd, a blank chksum is not included in the length passed to accurate_add_file, but in accurate_add_file, the blank chksum takes up one byte and so will trigger the overrun detection if the buffer happens to be the last in the "big buf", which is the case in my crash.

This crash would occur only when:
. chksum is blank
. accurate entry is last in the "big buf"
. accurate entry size == "big buf" remaining and so an overrun overruns "big buf"

The following patch fixes the bug for me:

diff --git a/bacula/src/filed/accurate.c b/bacula/src/filed/accurate.c index 3a043a3..a8446c9 100644 --- a/bacula/src/filed/accurate.c +++ b/bacula/src/filed/accurate.c @@ -223,8 +223,13 @@ static bool accurate_add_file(JCR *jcr, uint32_t len, item->lstat = item->fname+strlen(item->fname)+1; strcpy(item->lstat, lstat); - item->chksum = item->lstat+strlen(item->lstat)+1; - strcpy(item->chksum, chksum); + if (!strlen(chksum)) { + /* re-use the null at the end of lstat */ + item->chksum = item->lstat+strlen(item->lstat); + } else { + item->chksum = item->lstat+strlen(item->lstat)+1; + strcpy(item->chksum, chksum); + } item->delta_seq = delta;

James

> -----Original Message-----
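Review bot: the hunk works around the size mismatch in accurate_add_file rather than fixing the length computed in accurate_cmd that the message identifies as the cause, and it does so by aliasing item->chksum to the terminating NUL of item->lstat; any later write through item->chksum (for example storing a checksum into the entry) would then clobber lstat's terminator and overrun again. A simpler fix is to have accurate_cmd count the terminator of an empty chksum (one extra byte), which lets accurate_add_file keep the unconditional layout `item->chksum = item->lstat+strlen(item->lstat)+1; strcpy(item->chksum, chksum);`. Independently of that, the lines shown copy fname, lstat and chksum without comparing their combined size to the len parameter, so an undersized record is only caught after the fact by smartall's overrun guard; checking strlen(fname)+strlen(lstat)+strlen(chksum)+3 against len before the first strcpy would reject the entry cleanly. Minor: `*chksum == '\0'` reads more directly than `!strlen(chksum)`.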
> From: James Harper
> Sent: Monday, 5 December 2011 3:08 PM
> To: James Harper; bacula-devel@lists.sourceforge.net
> Subject: RE: [Bacula-devel] crash in 5.2.2
>
> > I'm getting a consistent crash on one Windows 2008 R2 server:
> >
> > 05-Dec 12:50 bitdc1-fd: ABORTING due to ERROR in /home/kern/bacula/k/bacula/src/lib/smartall.c:216
> > Overrun buffer: len=9830441 addr=40d0068 allocated: /home/kern/bacula/k/bacula/src/lib/htable.c:72 called from /home/kern/bacula/k/bacula/src/lib/htable.c:91
> >
> This is happening at the end of the accurate 'seen' code I think:
>
> bitdc1-fd: /home/kern/bacula/k/bacula/src/lib/htable.c:79-0 malloc buf=4070068 size=9830400 rem=9830376
> bitdc1-fd: /home/kern/bacula/k/bacula/src/lib/htable.c:112-0 Created new big buffer of 9830400 bytes
> bitdc1-fd: /home/kern/bacula/k/bacula/src/filed/accurate.c:234-0 add fname=<C:/Windows/winsxs/amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16385_none_675eb4c668cac03c/WMPPlayer-ppdlic.xrm-ms> lstat=A A IH/ B A A A wz A A BKW+Ue BKW+Ue BKW+Ue A A M delta_seq=0 chksum=
> bitdc1-fd: /home/kern/bacula/k/bacula/src/filed/accurate.c:234-0 add fname=<C:/Windows/winsxs/amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16385_none_675eb4c668cac03c/wmpshare.exe> lstat=A A IH/ B A A A ZIA A A BKW9AA BKW+Hs BKW9AA A A M delta_seq=0 chksum=
> bitdc1-fd: /home/kern/bacula/k/bacula/src/filed/accurate.c:234-0 add fname=<C:/Windows/winsxs/amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16385_none_675eb4c668cac03c/> lstat=A A EH/ B A A A A A A BKXBkT BKXBkT BKXBkR A A M delta_seq=0 chksum=
> bitdc1-fd: /home/kern/bacula/k/bacula/src/filed/accurate.c:234-0 add fname=<C:/Windows/winsxs/amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_67aa66206891f9cc/avtransport.xml> lstat=A A IH/ B A A A E2C A A BKW9BW BKMB1Y BKW9BW A A M delta_seq=0 chksum=
> bitdc1-fd: /home/kern/bacula/k/bacula/src/filed/accurate.c:234-0 add fname=<C:/Windows/winsxs/amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_67aa66206891f9cc/connectionmanager_dmr.xml> lstat=A A IH/ B A A A BT/ A A BKW9BW BKMB1Y BKW9BW A A M delta_seq=0 chksum=
> bitdc1-fd: /home/kern/bacula/k/bacula/src/filed/accurate.c:234-0 add fname=<C:/Windows/winsxs/amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16415_none_67aa66206891f9cc/DMR_120.jpg> lstat=A A IH/ B A A A uj A A BKW9BW BKMB1W BKW9BW A A M delta_seq=0 chksum=
> ...
> bitdc1-fd: /home/kern/bacula/k/bacula/src/filed/accurate.c:159-0 deleted fname=C:/Windows/SoftwareDistribution/Download/f0c6519c2159e158a5a6809e0034014a/cbshandler/state seen=0
> bitdc1-fd: /home/kern/bacula/k/bacula/src/filed/accurate.c:159-0 deleted fname=C:/ProgramData/Microsoft/Windows/WER/ReportQueue/Critical_6.1.7601_6d9bc88e5a3ea1e6a04e40309422f28fc0f47026_070c770d/Report.wer seen=0
> bitdc1-fd: /home/kern/bacula/k/bacula/src/filed/accurate.c:159-0 deleted fname=C:/Users/administrator.SBSSWG/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/V3S0WCGX/french-flag[1].jpg seen=0
> bitdc1-fd: /home/kern/bacula/k/bacula/src/lib/htable.c:90-0 free malloc buf=49e0068
> bitdc1-fd: /home/kern/bacula/k/bacula/src/lib/htable.c:90-0 free malloc buf=4070068 <crash here>
>
> Am I reading correctly that Bacula allocated a buffer of 9830400 bytes in length but then went 41 bytes over the end?
>
> James

_______________________________________________
Bacula-devel mailing list
Bacula-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-devel
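The length mismatch James describes at the top of the thread, as an added example that is not Bacula's code: a small C model of the caller's record sizing against the packer's layout, plus a bounds-checked packer that refuses the short length instead of overrunning. The function names, the exact length formula and the sample strings are assumptions, not taken from accurate.c.

```c
/* Added example, not Bacula's code: models the size mismatch the thread
 * describes between accurate_cmd (sizes the record) and accurate_add_file
 * (packs fname, lstat, chksum). Names and length formula are assumptions. */
#include <stdio.h>
#include <string.h>

/* Caller-side accounting as described: a blank chksum contributes nothing,
 * so the NUL that accurate_add_file still writes for it goes uncounted. */
size_t record_len_buggy(const char *fname, const char *lstat, const char *chksum)
{
    size_t len = strlen(fname) + 1 + strlen(lstat) + 1;
    if (*chksum) len += strlen(chksum) + 1; /* assumed non-blank handling */
    return len;
}

/* Correct accounting: every string, empty or not, needs its terminator. */
size_t record_len_fixed(const char *fname, const char *lstat, const char *chksum)
{
    return strlen(fname) + 1 + strlen(lstat) + 1 + strlen(chksum) + 1;
}

/* Packs the three strings back to back, the layout accurate_add_file uses.
 * Unlike the original it refuses (returns 0) when len is too small, instead
 * of writing past the end and relying on smartall's overrun guard. */
int pack_record(char *buf, size_t len, const char *fname,
                const char *lstat, const char *chksum)
{
    if (record_len_fixed(fname, lstat, chksum) > len) {
        return 0;
    }
    char *p = buf;
    strcpy(p, fname);  p += strlen(fname) + 1;
    strcpy(p, lstat);  p += strlen(lstat) + 1;
    strcpy(p, chksum); /* writes one NUL even when chksum is "" */
    return 1;
}

int main(void)
{
    const char *fname = "C:/Windows/example.dll";   /* constructed sample */
    const char *lstat = "A A IH/ B A A A wz A A M"; /* constructed sample */
    char buf[128];
    size_t caller = record_len_buggy(fname, lstat, "");
    printf("blank chksum: caller passes %zu, record needs %zu, pack: %s\n",
           caller, record_len_fixed(fname, lstat, ""),
           pack_record(buf, caller, fname, lstat, "") ? "ok" : "refused");
    return 0;
}
```

With a blank chksum the caller's figure is exactly one byte short of what the packer writes, which is the single-byte overrun smartall reports when the record is the last one in the big buffer.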