[Bug 9798] New: rsync crash with SIGSEGV when read time out happens

samba-bugs at samba.org
Tue Apr 16 07:48:18 MDT 2013


https://bugzilla.samba.org/show_bug.cgi?id=9798

           Summary: rsync crash with SIGSEGV when read time out happens
           Product: rsync
           Version: 3.0.2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: P5
         Component: core
        AssignedTo: wayned at samba.org
        ReportedBy: vijunag at gmail.com
         QAContact: rsync-qa at samba.org


Created attachment 8774
  --> https://bugzilla.samba.org/attachment.cgi?id=8774
core file

rsync crashed with the following backtrace when a read timeout happened.

(gdb) bt
#0  ascii_internal_loop (step=0x80a2ee8, step_data=0x80a3d24,
inptrp=0xbfffb05c, inend=0xbfffbd48 "\n", outptrp=0xbfffaf84, outend=0x80a5018
"", irreversible=0xbfffaf88) at loop.c:282
#1  0xb7f9cbb2 in __gconv_transform_ascii_internal (step=0x80a2ee8,
data=0x80a2fe8, inptrp=0xbfffb05c, inend=0xbfffbd48 "\n", outbufstart=0x0,
irreversible=0xbfffb018, do_flush=0, 
    consume_incomplete=0) at skeleton.c:483
#2  0xb7f99ec7 in __gconv (cd=0x80a2fe0, inbuf=0xbfffb05c, inbufend=0xbfffbd48
"\n", outbuf=0xbfffb064, outbufend=0x80a3d24 "", irreversible=0xbfffb018) at
gconv.c:63
#3  0xb7f996fc in iconv (cd=0x80a2fe0, inbuf=0xbfffb05c,
inbytesleft=0xbfffb060, outbuf=0xbfffb064, outbytesleft=0xbfffb068) at
iconv.c:53
#4  0x08050f6d in iconvbufs (ic=0x80a2fe0, in=0xbfffb4a0, out=0xbfffb4b0,
flags=0) at rsync.c:175
#5  0x080630e6 in rwrite (code=3086884128, buf=0xbfffbcf0 "rsync error: error
in rsync protocol data stream (code 12) at io.c(635) [receiver=3.0.2]\n",
len=-1073761120, is_utf8=0) at log.c:339
#6  0x080632fc in rprintf (code=FERROR, format=0x8083c20 "rsync error: %s (code
%d) at %s(%d) [%s=%s]\n") at log.c:398
#7  0x08064107 in log_exit (code=12, file=0x80895e0 "io.c", line=134780384) at
log.c:829
#8  0x08058b1d in _exit_cleanup (code=12, file=0x80895e0 "io.c", line=635) at
cleanup.c:191
#9  0x08068cc1 in whine_about_eof (fd=134888740) at io.c:635
#10 0x08068f21 in read_timeout (fd=5, buf=0xbfffe984 "\036", len=4) at io.c:783
#11 0x08069933 in readfd_unbuffered (fd=5, buf=0xbfffe984 "\036", len=4) at
io.c:1041
#12 0x08069e38 in readfd (fd=5, buffer=0xbfffe984 "\036", N=4) at io.c:1187
#13 0x08069ea5 in read_int (f=5) at io.c:1215
#14 0x0806b2cd in setup_protocol (f_out=4, f_in=5) at compat.c:150
#15 0x08060374 in client_run (f_in=5, f_out=4, pid=25865, argc=1,
argv=0x80a21a4) at main.c:983
#16 0x0806097d in start_client (argc=1, argv=0x80a21a4) at main.c:1266
#17 0x08061033 in main (argc=2, argv=0x80a21a0) at main.c:1493

The most recent errno before the crash was EILSEQ.

(gdb) frame 4
(gdb) p *in
$49 = {buf = 0xbfffbcf0 "rsync error: error in rsync protocol data stream (code
12) at io.c(635) [receiver=3.0.2]\n", pos = 16342, len = 4294951042, size =
4294967295}
(gdb) p icnt 
$50 = 4294951042  -- This doesn't look like a good number. It is causing an
out-of-buffer array access.
(gdb)
icnt was initially 89 and probably it wrapped around?

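Added example (not part of the original report and not rsync's code): a C illustration of the unsigned wraparound the reporter suspects, using 32-bit counters to match the values in the gdb output. The names xbuf32, consume_unchecked, consume_checked and wrapped_by are hypothetical, and the consumed count 16343 is a constructed value chosen only because 89 - 16343 modulo 2^32 equals the observed 4294951042; it is not a claim about the root cause.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a conversion buffer. Field names follow the
 * gdb output in the report; widths are fixed at 32 bits to match it. */
struct xbuf32 {
    const char *buf;
    uint32_t pos;   /* offset of the next unread byte */
    uint32_t len;   /* unread bytes remaining */
};

/* Unchecked: if n > len, the unsigned subtraction wraps modulo 2^32 and
 * the counter becomes a huge "remaining" value instead of going negative. */
static void consume_unchecked(struct xbuf32 *x, uint32_t n)
{
    x->pos += n;
    x->len -= n;
}

/* Checked: refuse to consume more than remains.
 * Returns 0 on success, -1 (buffer left untouched) otherwise. */
static int consume_checked(struct xbuf32 *x, uint32_t n)
{
    if (n > x->len)
        return -1;
    x->pos += n;
    x->len -= n;
    return 0;
}

/* Triage helper for core dumps: how far past zero a wrapped 32-bit counter
 * went. Returns 0 when the value is plausible (not above the capacity). */
static uint32_t wrapped_by(uint32_t observed, uint32_t capacity)
{
    return observed > capacity ? (uint32_t)(0u - observed) : 0;
}

int main(void)
{
    /* Constructed input: 89 bytes remaining, 16343 bytes consumed. */
    struct xbuf32 a = { "", 0, 89 }, b = { "", 0, 89 };

    consume_unchecked(&a, 16343);
    printf("unchecked: len=%u overshoot=%u\n",
           (unsigned)a.len, (unsigned)wrapped_by(a.len, 89));
    printf("checked:   rc=%d len=%u\n",
           consume_checked(&b, 16343), (unsigned)b.len);
    return 0;
}
```

Applied to the other field in the dump, wrapped_by reports that size = 4294967295 is one below zero, i.e. (size_t)-1 on a 32-bit build.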