Re: Some bugs about command line parameters

From: Jens Axboe <jens.axboe_at_oracle.com>
Date: Thu, 19 Jul 2007 14:50:54 +0200

On Thu, Jul 19 2007, Jens Axboe wrote:
> On Thu, Jul 19 2007, Jens Axboe wrote:
> > On Thu, Jul 19 2007, Erwan Velu wrote:
> > > Hey folks,
> > > I'm running fio 1.16.6 on a x86 system using a Mandriva 2007.0.
> > >
> > > I tried some "stupid" command line and it leads to segfault or "double free
> > > or corruption" glibc errors.
> > >
> > > I just created a simple job file like:
> > > [erwan_at_r1 fio]$ cat asimplejob.fio
> > > [global]
> > > rw=read
> > > size=16m
> > >
> > > [job1]
> > > description="Read Seq 16k O/Direct"
> > > bs=16k
> > > direct=1
> > > numjobs=1
> > >
> > > [job2]
> > > description="Read Seq 128k O/Direct"
> > > bs=128k
> > > direct=1
> > > numjobs=1
> > >
> > > Then I did the following command lines:
> > >
> > > fio /home/erwan/fio/asimplejob.fio /home/erwan/fio/asimplejob.fio -> I did
> > > my tab completion twice :/
> > >
> > > job1: (g=0): rw=read, bs=16K-16K/16K-16K, ioengine=sync, iodepth=1
> > > job2: (g=0): rw=read, bs=128K-128K/128K-128K, ioengine=sync, iodepth=1
> > > job1: (g=1): rw=read, bs=16K-16K/16K-16K, ioengine=sync, iodepth=1
> > > job2: (g=1): rw=read, bs=128K-128K/128K-128K, ioengine=sync, iodepth=1
> > > *** glibc detected *** fio: double free or corruption (!prev): 0x0806c200
> > > ***
> > > Then glibc shows the backtrace.
>
> This I can't reproduce - can you remove the -O2 option from the
> Makefile, recompile, reproduce, and show me a backtrace?

OK, this may fix the random bug at least. I still need help with the
above.

diff --git a/init.c b/init.c
index f0aa5e3..93322fd 100644
--- a/init.c
+++ b/init.c
@@ -564,8 +564,12 @@ static int parse_jobs_ini(char *file, int stonewall_flag)
         }
 
         string = malloc(4096);
- name = malloc(256);
- memset(name, 0, 256);
+
+ /*
+ * it's really 256 + small bit, 280 should suffice
+ */
+ name = malloc(280);
+ memset(name, 0, 280);
 
         stonewall = stonewall_flag;
         do {
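Review bot: Growing the buffer from 256 to 280 on the strength of the comment "256 + small bit" papers over an unbounded write into `name` instead of bounding it; whatever copies the section name into this buffer should be limited to the allocated length, with the size expressed once as a named constant used by both `malloc` and `memset`, otherwise a longer job name simply overflows the new size. The allocation is also unchecked, as the existing `string = malloc(4096);` already is, so a NULL return here is a crash in the parser rather than a clean error; `calloc(1, NAME_LEN)` would cover the zero-fill and make the check a single line.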
diff --git a/parse.c b/parse.c
index 9015b1d..f0e644f 100644
--- a/parse.c
+++ b/parse.c
@@ -159,8 +159,8 @@ void strip_blank_end(char *p)
         if (s)
                 p = s;
 
- s = p + strlen(p) - 1;
- while (isspace(*s) || iscntrl(*s))
+ s = p + strlen(p);
+ while ((isspace(*s) || iscntrl(*s)) && (s > p))
                 s--;
 
         *(s + 1) = '\0';
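Review bot: The new loop in `strip_blank_end()` still mishandles two edge cases: because it stops when `s == p` without examining `*p`, an all-blank string keeps its first byte, and for an empty string the loop exits immediately and `*(s + 1) = '\0';` writes `p[1]`, one past the terminator. It also only works because the starting position is the terminating NUL and `iscntrl('\0')` happens to be true, which is easy to misread. A clearer form that handles both cases tests the guard first and looks one byte back: `s = p + strlen(p); while (s > p && (isspace((unsigned char)s[-1]) || iscntrl((unsigned char)s[-1]))) s--; *s = '\0';`. The `unsigned char` cast matters too: passing a negative plain `char` to the `<ctype.h>` classifiers is undefined behaviour, and job files can contain high-bit bytes.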

-- 
Jens Axboe
Received on Thu Jul 19 2007 - 14:50:54 CEST

This archive was generated by hypermail 2.2.0 : Thu Jul 19 2007 - 15:00:01 CEST