Paul Slootman
2008-Apr-26 13:39 UTC
Bug#477931: rsync: Segfaults syncing the linux kernel archive.
Hi Wayne, I just got this bug report about rsync 3.0.2 reproducibly crashing, together with a backtrace and a patch; very helpful :-) (Please preserve 477931-forwarded@bugs.debian.org in the CC so that you response is archived in the Debian BTS, thanks.) Paul Slootman On Fri 25 Apr 2008, Kurt Roeckx wrote:> Subject: Bug#477931: rsync: Segfaults syncing the linux kernel archive. > From: Kurt Roeckx <kurt@roeckx.be>> Package: rsync > Version: 3.0.2-1 > Severity: serious > Tags: patch > > Hi, > > I can consitently make rsync segfault when trying to sync the linux > kernel archive using version 3.0.2. It doesn't segfault using > 2.6.9-2etch2. This has worked for weeks but started happening yesterday. > > This is what I got from gdb: > Program received signal SIGSEGV, Segmentation fault. > #0 0x0000000000434b84 in hashtable_find (tbl=0x0, key=-1, > allocate_if_missing=0) at hashtable.c:59 > 59 int key64 = tbl->key64; > (gdb) bt > #0 0x0000000000434b84 in hashtable_find (tbl=0x0, key=-1, > allocate_if_missing=0) at hashtable.c:59 > #1 0x0000000000430278 in check_prior (file=0x2ae3c6632e78, gnum=-1, > prev_ndx_p=0x7fffe8617564, flist_p=0x7fffe8617568) at hlink.c:269 > #2 0x0000000000430433 in hard_link_check (file=0x2ae3c6632e78, ndx=799511, > fname=0x7fffe861ba30 "scm/linux/kernel/git/torvalds/linux-2.6.git/objects/pack/pack-447fe96131da71732243925546a8d62bef99bea2.idx", statret=0, > sxp=0x7fffe861b870, itemizing=1, code=FLOG) at hlink.c:298 > #3 0x00000000004112d6 in recv_generator ( > fname=0x7fffe861ba30 "scm/linux/kernel/git/torvalds/linux-2.6.git/objects/pack/pack-447fe96131da71732243925546a8d62bef99bea2.idx", file=0x2ae3c6632e78, > ndx=799511, itemizing=1, code=FLOG, f_out=3) at generator.c:1504 > #4 0x00000000004139c2 in generate_files (f_out=3, local_name=0x0) > at generator.c:2214 > #5 0x000000000041f651 in do_recv (f_in=3, f_out=3, local_name=0x0) > at main.c:839 > #6 0x000000000041fdbe in client_run (f_in=3, f_out=3, pid=-1, argc=1, > argv=0x682338) at main.c:1077 > #7 0x000000000043f035 in start_socket_client ( > host=0x6827a8 "filehub.kernel.org", remote_argc=1, remote_argv=0x682330, > argc=1, argv=0x682338) at clientserver.c:132 > #8 0x00000000004204c0 in start_client (argc=1, argv=0x682338) at main.c:1243 > #9 0x0000000000420cf5 in main (argc=2, argv=0x682330) at main.c:1511 > (gdb) frame 1 > #1 0x0000000000430278 in check_prior (file=0x2ae3c6632e78, gnum=-1, > prev_ndx_p=0x7fffe8617564, flist_p=0x7fffe8617568) at hlink.c:269 > 269 if ((node = hashtable_find(prior_hlinks, gnum, 0)) != NULL) { > (gdb) p prior_hlinks > $1 = (struct hashtable *) 0x0 > (gdb) p inc_recurse > $2 = 0 > > prior_hlinks only seems to be used in case of !inc_recurse, so I > have the feeling that I shouldn't be comming there in the first place. > I'm guessing that the hashtable_find() should be inside an if (inc_recurse) > as all other hashtable_find()'s are also doing that. > > I've attached a patch that does that. It seems to be working. > > PS: It's annoying that when a core file gets created that it's written > in destination path instead of the directory where I started rsync. > > > Kurt >--- hlink.c.old 2008-04-25 19:39:15.000000000 +0000 +++ hlink.c 2008-04-25 19:39:49.000000000 +0000 @@ -266,15 +266,18 @@ F_HL_PREV(file) = prev_ndx = F_HL_PREV(fp); } - if ((node = hashtable_find(prior_hlinks, gnum, 0)) != NULL) { - assert(node->data != NULL); - if (CVAL(node->data, 0) != 0) { - *prev_ndx_p = -1; - *flist_p = NULL; - return node->data; + if (inc_recurse) + { + if ((node = hashtable_find(prior_hlinks, gnum, 0)) != NULL) { + assert(node->data != NULL); + if (CVAL(node->data, 0) != 0) { + *prev_ndx_p = -1; + *flist_p = NULL; + return node->data; + } + /* The prior file must have been skipped. */ + F_HL_PREV(file) = -1; } - /* The prior file must have been skipped. */ - F_HL_PREV(file) = -1; } *prev_ndx_p = -1;
Wayne Davison
2008-Apr-28 01:50 UTC
Bug#477931: rsync: Segfaults syncing the linux kernel archive.
On Sat, Apr 26, 2008 at 10:33:42AM +0200, Paul Slootman wrote:> I just got this bug report about rsync 3.0.2 reproducibly crashing, > together with a backtrace and a patch; very helpful :-)Yes, quite helpful. The fix is indeed the right one, though we can avoid the re-indenting of all that code. See the git repo for my version: http://git.samba.org/rsync.git/?p=rsync.git Thanks for the report and patch! ..wayne..