Bug#374686: xfsprogs: xfs_growfs crashes for non-root
Package: xfsprogs Version: 2.7.16-1 Severity: normal Hi, When I run xfs_growfs as a normal user, the program crashes. /dev/hda1 is my root XFS partition, the uid and gid is 1000. $ gdb /usr/sbin/xfs_growfs GNU gdb 6.4.90-debian Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i486-linux-gnu...Using host libthread_db library /lib/tls/libthread_db.so.1. (gdb) run -n /dev/hda1 Starting program: /usr/sbin/xfs_growfs -n /dev/hda1 *** glibc detected *** double free or corruption (fasttop): 0x080919f0 *** Program received signal SIGABRT, Aborted. 0xa7e557c7 in raise () from /lib/tls/libc.so.6 (gdb) bt #0 0xa7e557c7 in raise () from /lib/tls/libc.so.6 #1 0xa7e5706b in abort () from /lib/tls/libc.so.6 #2 0xa7e8c545 in __libc_message () from /lib/tls/libc.so.6 #3 0xa7e92b97 in _int_free () from /lib/tls/libc.so.6 #4 0xa7e93032 in free () from /lib/tls/libc.so.6 #5 0x0808a688 in fs_table_initialise_mounts (path=0x0) at paths.c:229 #6 0x0808a77e in fs_table_initialise () at paths.c:353 #7 0x0804972c in main (argc=Cannot access memory at address 0x3e32 ) at xfs_growfs.c:193 (gdb) up #1 0xa7e5706b in abort () from /lib/tls/libc.so.6 (gdb) up #2 0xa7e8c545 in __libc_message () from /lib/tls/libc.so.6 (gdb) up #3 0xa7e92b97 in _int_free () from /lib/tls/libc.so.6 (gdb) up #4 0xa7e93032 in free () from /lib/tls/libc.so.6 (gdb) up #5 0x0808a688 in fs_table_initialise_mounts (path=0x0) at paths.c:229 229 free(dir); (gdb) p dir $1 = 0x80919f0 (gdb) p error $4 = 13 So error=13 is EACCES - which is undertandable since I am not root here. The mistake now is that _both_ fs_table_insert() and fs_table_initialise_mounts() of libxcmd/paths.c of xfsprogs call free() on the dir variable. I suggest removing the free(dir) call in paths.c:fs_tableinsert(), but am not sure this is the correct fix. Regards, Bastian -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-treasure19 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages xfsprogs depends on: ii libc6 2.3.6-15 GNU C Library: Shared libraries ii libreadline5 5.1-7 GNU readline and history libraries ii libuuid1 1.39-1 universally unique id library xfsprogs recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#374686: xfsprogs: xfs_growfs crashes for non-root
On Tue, Jun 20, 2006 at 06:46:07PM +0200, Bastian Kleineidam wrote:
When I run xfs_growfs as a normal user, the program crashes.
/dev/hda1 is my root XFS partition, the uid and gid is 1000.
...
(gdb) run -n /dev/hda1
Starting program: /usr/sbin/xfs_growfs -n /dev/hda1
*** glibc detected *** double free or corruption (fasttop): 0x080919f0 ***
...
So error=13 is EACCES - which is undertandable since I am not root
here. The mistake now is that _both_ fs_table_insert() and
fs_table_initialise_mounts() of libxcmd/paths.c of xfsprogs call free()
on the dir variable.
Ayup, busted. Good catch. Can you try the patch below to see
if it fixes the problem?
thanks.
--
Nathan
--- a/xfsprogs/libxcmd/paths.c 2006-06-21 11:30:50.0 +1000
+++ b/xfsprogs/libxcmd/paths.c 2006-06-21 10:46:09.620437791 +1000
@@ -105,15 +105,15 @@ fs_table_insert(
datadev = logdev = rtdev = 0;
if (!fs_device_number(dir, datadev, 0))
- goto error;
+ return errno;
if (fslog (fslog = fs_device_number(fslog, logdev, 1)) == NULL)
- goto error;
+ return errno;
if (fsrt (fsrt = fs_device_number(fsrt, rtdev, 1)) == NULL)
- goto error;
+ return errno;
fs_table = realloc(fs_table, sizeof(fs_path_t) * (fs_count + 1));
if (!fs_table)
- goto error;
+ return errno;
fs_path = fs_table[fs_count];
fs_path-fs_dir = dir;
@@ -127,13 +127,6 @@ fs_table_insert(
fs_path-fs_rtdev = rtdev;
fs_count++;
return 0;
-
- error:
- if (dir) free(dir);
- if (fsrt) free(fsrt);
- if (fslog) free(fslog);
- if (fsname) free(fsname);
- return errno;
}
void
@@ -191,8 +184,11 @@ fs_table_initialise_mounts(
{
struct mntent *mnt;
FILE*mtp;
- char*dir = NULL, *fsname = NULL, *fslog, *fsrt;
- int error = 0, found = 0;
+ char*dir, *fsname, *fslog, *fsrt;
+ int error, found;
+
+ error = found = 0;
+ dir = fsname = fslog = fsrt = NULL;
if (!mtab_file) {
mtab_file = PROC_MOUNTS;
@@ -226,8 +222,10 @@ fs_table_initialise_mounts(
if (!error path !found)
error = ENXIO;
if (error) {
- free(dir);
- free(fsname);
+ if (dir) free(dir);
+ if (fsrt) free(fsrt);
+ if (fslog) free(fslog);
+ if (fsname) free(fsname);
}
return error;
}
@@ -240,8 +238,11 @@ fs_table_initialise_mounts(
char*path)
{
struct statfs *stats;
- char*dir = NULL, *fsname = NULL, *fslog = NULL, *fsrt =
NULL;
- int i, count, found = 0, error = 0;
+ char*dir, *fsname, *fslog, *fsrt;
+ int i, count, error, found;
+
+ error = found = 0;
+ dir = fsname = fslog = fsrt = NULL;
if ((count = getmntinfo(stats, 0)) 0) {
perror(getmntinfo);
@@ -270,8 +271,10 @@ fs_table_initialise_mounts(
if (!error path !found)
error = ENXIO;
if (error) {
- free(dir);
- free(fsname);
+ if (dir) free(dir);
+ if (fsrt) free(fsrt);
+ if (fslog) free(fslog);
+ if (fsname) free(fsname);
}
return error;
}
@@ -339,8 +342,8 @@ fs_table_initialise_projects(
if (!error project !found)
error = ENOENT;
if (error) {
- free(dir);
- free(fsname);
+ if (dir) free(dir);
+ if (fsname) free(fsname);
}
return error;
}
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#374686: xfsprogs: xfs_growfs crashes for non-root
Pretty certain that last patch fixes it. I'll merge it and upload a new version - let me know if any problems remain. thanks. -- Nathan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
