After patching away the complete smartalloc stuff, valgrind was able to
produce some results which look not completely bogus:

| ==3612== Invalid write of size 1
| ==3612==    at 0x4C239E5: strcpy (mc_replace_strmem.c:272)
| ==3612==    by 0x407394: save_file(FF_PKT*, void*, bool) (backup.c:1174)
| ==3612==    by 0x41277B: our_callback(FF_PKT*, void*, bool) (find.c:366)
| ==3612==    by 0x4140D8: find_one_file(JCR*, FF_PKT*, int (*)(FF_PKT*, void*, bool), void*, char*, unsigned long, bool) (find_one.c:655)
| ==3612==    by 0x412F4A: find_files(JCR*, FF_PKT*, int (*)(FF_PKT*, void*, bool), void*) (find.c:200)
| ==3612==    by 0x40660A: blast_data_to_storage_daemon(JCR*, char*) (backup.c:158)
| ==3612==    by 0x40ADE0: backup_cmd(JCR*) (job.c:1437)
| ==3612==    by 0x40B7CA: handle_client_request(void*) (job.c:250)
| ==3612==    by 0x430FCA: workq_server (workq.c:357)
| ==3612==    by 0x5996316: start_thread (pthread_create.c:296)
| ==3612==    by 0x6822C7C: clone (in /usr/lib/debug/libc-2.6.1.so)
| ==3612==  Address 0x4098E56 is 0 bytes after a block of size 22 alloc'd
| ==3612==    at 0x4C21C16: malloc (vg_replace_malloc.c:149)
| ==3612==    by 0x418BC5: b_malloc(char const*, int, unsigned long) (bsys.c:221)
| ==3612==    by 0x413C5D: find_one_file(JCR*, FF_PKT*, int (*)(FF_PKT*, void*, bool), void*, char*, unsigned long, bool) (find_one.c:98)
| ==3612==    by 0x412F4A: find_files(JCR*, FF_PKT*, int (*)(FF_PKT*, void*, bool), void*) (find.c:200)
| ==3612==    by 0x40660A: blast_data_to_storage_daemon(JCR*, char*) (backup.c:158)
| ==3612==    by 0x40ADE0: backup_cmd(JCR*) (job.c:1437)
| ==3612==    by 0x40B7CA: handle_client_request(void*) (job.c:250)
| ==3612==    by 0x430FCA: workq_server (workq.c:357)
| ==3612==    by 0x5996316: start_thread (pthread_create.c:296)
| ==3612==    by 0x6822C7C: clone (in /usr/lib/debug/libc-2.6.1.so)

This looks like a buffer overflow.

Can someone please explain why bacula needs its own memory check stuff
which doesn't gain much but breaks external debuggers like valgrind?

Bastian

-- 
        "Beauty is transitory."
        "Beauty survives."
                -- Spock and Kirk, "That Which Survives", stardate unknown
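
For triaging a report like the one in this message, here is an added example (not code from the post, Bacula or Valgrind): a small Python parser that undoes the mail quoting and line wrapping such traces pick up in e-mail, then reports the faulting access and the first application frame of the access and allocation stacks. Treating b_malloc as a thin allocation wrapper to skip is an assumption; the sample is constructed from lines of the trace in the post.

```python
import re

# Constructed sample: lines from the post's trace, quoted and wrapped as in e-mail.
SAMPLE = """\
| ==3612== Invalid write of size 1
| ==3612==    at 0x4C239E5: strcpy (mc_replace_strmem.c:272)
| ==3612==    by 0x407394: save_file(FF_PKT*, void*, bool) (backup.c:1174)
| ==3612==  Address 0x4098E56 is 0 bytes after a block of size 22 alloc'd
| ==3612==    at 0x4C21C16: malloc (vg_replace_malloc.c:149)
| ==3612==    by 0x418BC5: b_malloc(char const*, int, unsigned long)
(bsys.c:221)
| ==3612==    by 0x413C5D: find_one_file(JCR*, FF_PKT*, int (*)(FF_PKT*, void*,
bool), void*, char*, unsigned long, bool) (find_one.c:98)
"""
PREFIX = re.compile(r"^\|?\s*==\d+==\s*")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
BLOCK = re.compile(r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|before|inside) "
                   r"a block of size (\d+) (alloc'd|free'd)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.*?)\s*\(([^()]*)\)$")

def unwrap(text):
    # Drop the quote and ==pid== prefix; glue unprefixed lines to the frame above.
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if PREFIX.match(line):
            out.append(PREFIX.sub("", line))
        elif line and out:
            out[-1] += " " + line
    return out

def first_app_frame(frames, wrappers):
    # First frame that is neither a Valgrind intercept nor a listed wrapper.
    return next(((f, loc) for f, loc in frames if f not in wrappers
                 and not loc.startswith(("vg_replace_", "mc_replace_"))), None)

def triage(text, wrappers=("b_malloc",)):  # wrapper list is an assumption
    report = {"access": [], "block": []}
    stack = report["access"]
    for line in unwrap(text):
        if m := ERROR.match(line):
            report.update(kind=m[1], size=int(m[2]))
        elif m := BLOCK.match(line):
            report.update(offset=int(m[1]), where=m[2], block_size=int(m[3]), state=m[4])
            stack = report["block"]  # frames after this line describe the block
        elif m := FRAME.match(line):
            stack.append((m[1].split("(")[0], m[2]))
    report["access_site"] = first_app_frame(report["access"], wrappers)
    report["alloc_site"] = first_app_frame(report["block"], wrappers)
    return report
```

On the sample, `triage(SAMPLE)` reports a 1-byte write landing 0 bytes after a 22-byte block, written from save_file (backup.c:1174) into memory allocated in find_one_file (find_one.c:98), which are the two source lines to compare when checking how the buffer was sized.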
