https://bugzilla.samba.org/show_bug.cgi?id=9798
Summary: rsync crash with SIGSEGV when read time out happens
Product: rsync
Version: 3.0.2
Platform: All
OS/Version: All
Status: NEW
Severity: critical
Priority: P5
Component: core
AssignedTo: way...@samba.org
ReportedBy: viju...@gmail.com
QAContact: rsync...@samba.org

Created attachment 8774
  --> https://bugzilla.samba.org/attachment.cgi?id=8774
core file

rsync crashed with the following backtrace when read timeout happened.

(gdb) bt
#0  ascii_internal_loop (step=0x80a2ee8, step_data=0x80a3d24, inptrp=0xbfffb05c, inend=0xbfffbd48 "\n", outptrp=0xbfffaf84, outend=0x80a5018 "", irreversible=0xbfffaf88) at loop.c:282
#1  0xb7f9cbb2 in __gconv_transform_ascii_internal (step=0x80a2ee8, data=0x80a2fe8, inptrp=0xbfffb05c, inend=0xbfffbd48 "\n", outbufstart=0x0, irreversible=0xbfffb018, do_flush=0, consume_incomplete=0) at skeleton.c:483
#2  0xb7f99ec7 in __gconv (cd=0x80a2fe0, inbuf=0xbfffb05c, inbufend=0xbfffbd48 "\n", outbuf=0xbfffb064, outbufend=0x80a3d24 "", irreversible=0xbfffb018) at gconv.c:63
#3  0xb7f996fc in iconv (cd=0x80a2fe0, inbuf=0xbfffb05c, inbytesleft=0xbfffb060, outbuf=0xbfffb064, outbytesleft=0xbfffb068) at iconv.c:53
#4  0x08050f6d in iconvbufs (ic=0x80a2fe0, in=0xbfffb4a0, out=0xbfffb4b0, flags=0) at rsync.c:175
#5  0x080630e6 in rwrite (code=3086884128, buf=0xbfffbcf0 "rsync error: error in rsync protocol data stream (code 12) at io.c(635) [receiver=3.0.2]\n", len=-1073761120, is_utf8=0) at log.c:339
#6  0x080632fc in rprintf (code=FERROR, format=0x8083c20 "rsync error: %s (code %d) at %s(%d) [%s=%s]\n") at log.c:398
#7  0x08064107 in log_exit (code=12, file=0x80895e0 "io.c", line=134780384) at log.c:829
#8  0x08058b1d in _exit_cleanup (code=12, file=0x80895e0 "io.c", line=635) at cleanup.c:191
#9  0x08068cc1 in whine_about_eof (fd=134888740) at io.c:635
#10 0x08068f21 in read_timeout (fd=5, buf=0xbfffe984 "\036", len=4) at io.c:783
#11 0x08069933 in readfd_unbuffered (fd=5, buf=0xbfffe984 "\036", len=4) at io.c:1041
#12 0x08069e38 in readfd (fd=5, buffer=0xbfffe984 "\036", N=4) at io.c:1187
#13 0x08069ea5 in read_int (f=5) at io.c:1215
#14 0x0806b2cd in setup_protocol (f_out=4, f_in=5) at compat.c:150
#15 0x08060374 in client_run (f_in=5, f_out=4, pid=25865, argc=1, argv=0x80a21a4) at main.c:983
#16 0x0806097d in start_client (argc=1, argv=0x80a21a4) at main.c:1266
#17 0x08061033 in main (argc=2, argv=0x80a21a0) at main.c:1493

The most recent errno before the crash was EILSEQ.

(gdb) frame 4
(gdb) p *in
$49 = {buf = 0xbfffbcf0 "rsync error: error in rsync protocol data stream (code 12) at io.c(635) [receiver=3.0.2]\n", pos = 16342, len = 4294951042, size = 4294967295}
(gdb) p icnt
$50 = 4294951042 -- This doesn’t look like a good number. It is causing out of buffer array access.
(gdb)

icnt was initially 89 and probably it wrapped around?
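An added example, not part of the original report and not rsync's code: the pos/len/size values from the gdb dump above, run through a naive bounds check and an overflow-safe one, plus a consume helper that refuses to let the remaining length wrap. The struct name xbuf32 and all function names are hypothetical, and treating the fields as 32-bit unsigned is an assumption based on the printed values.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical mirror of the descriptor printed in frame 4 (pos, len, size).
 * 32-bit unsigned fields are an assumption. */
struct xbuf32 {
    const char *buf;
    uint32_t pos, len, size;
};

/* Naive check: pos + len is computed modulo 2^32, so a wrapped len can
 * bring the sum back to a small value that passes. */
static int naive_in_bounds(const struct xbuf32 *x)
{
    return (uint32_t)(x->pos + x->len) <= x->size;
}

/* Overflow-safe check: compare len with the space left, never add. */
static int safe_in_bounds(const struct xbuf32 *x)
{
    return x->pos <= x->size && x->len <= x->size - x->pos;
}

/* Checked consume: reject n > len instead of letting len -= n wrap. */
static int consume(struct xbuf32 *x, uint32_t n)
{
    if (n > x->len || n > UINT32_MAX - x->pos)
        return -1;
    x->pos += n;
    x->len -= n;
    return 0;
}

/* Values copied from the "p *in" output in the report. */
static struct xbuf32 dumped(void)
{
    struct xbuf32 x = { NULL, 16342u, 4294951042u, 4294967295u };
    return x;
}

int main(void)
{
    struct xbuf32 d = dumped();
    struct xbuf32 ok = { NULL, 0, 89, 1024 };  /* constructed: 89-byte message */

    printf("naive check passes: %d\n", naive_in_bounds(&d));
    printf("safe check passes:  %d\n", safe_in_bounds(&d));
    printf("consume(90) of 89:  %d\n", consume(&ok, 90));
    return 0;
}
```

With the dumped values, pos + len wraps to 88, so only the subtraction-based check flags the descriptor as out of bounds.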