[ovs-git] [openvswitch/ovs] c19436: ovsdb monitor: Fix crash when using non-zero last-...

Han Zhou noreply at github.com
Wed Aug 21 21:48:16 UTC 2019


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: c194367cbf86cce4faad9e4126ee0529f37c3690
      https://github.com/openvswitch/ovs/commit/c194367cbf86cce4faad9e4126ee0529f37c3690
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2019-08-21 (Wed, 21 Aug 2019)

  Changed paths:
    M ovsdb/ovsdb-server.c
    M ovsdb/transaction.c
    M ovsdb/transaction.h
    M tests/ovsdb-monitor.at

  Log Message:
  -----------
  ovsdb monitor: Fix crash when using non-zero last-id with standalone DB.

When a client uses monitor-cond-since with a non-zero last-id but the
server is not in cluster mode for the DB being monitored, it leads to
segmentation fault because the txn_history list is not initialized in
this case.

Program terminated with signal SIGSEGV, Segmentation fault.
1536            struct ovsdb_txn *txn = h_node->txn;
(gdb) bt
0  ovsdb_monitor_get_changes_after (txn_uuid=txn_uuid at entry=0x7ffe8605b7e0, dbmon=0x17c1b40, p_mcs=p_mcs at entry=0x17c4900) at ovsdb/monitor.c:1536
1  0x000000000040da2d in ovsdb_jsonrpc_monitor_create (request_id=0x1804630, version=<optimized out>, params=0x17ad330, db=0x18015b0, s=<optimized out>) at ovsdb/jsonrpc-server.c:1469
2  ovsdb_jsonrpc_session_got_request (request=0x17ad520, s=<optimized out>) at ovsdb/jsonrpc-server.c:1002
3  ovsdb_jsonrpc_session_run (s=<optimized out>) at ovsdb/jsonrpc-server.c:556
...

Although it doesn't happen in normal use cases, no one can prevent a
client to send this on purpose or in a corner case when a client firstly
connected to a clustered DB but later the server restarted with a
non-clustered DB.

This patch fixes it by always initialize the txn_history list to avoid
the undefined behavior in this case. It adds a test case to cover it, too.

Fixes: 695e815 ("ovsdb-server: Transaction history tracking.")
Reported-by: Aliasgar Ginwala <aginwala at ebay.com>
Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>




More information about the git mailing list