segfault in write_sparse #722

Open
sudhackar opened this issue Jan 22, 2025 · 2 comments
sudhackar commented Jan 22, 2025

From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093696 - @martinvonwittich (hi!)
and then some analysis on Discord.

Simple repro:

```bash
#!/bin/bash

rsync -e 'ssh -o LogLevel=ERROR -o BatchMode=yes' -aH -A --sparse --partial-dir=/tmp/partial.1 sec-noble-server-amd64:/sys/bus/usb/drivers_autoprobe /tmp/partial/
```

For gdb:

```
set follow-fork-mode parent
break fork
r -e 'ssh -o LogLevel=ERROR -o BatchMode=yes' -aH -A --sparse --partial-dir=/tmp/partial.1 sec-noble-server-amd64:/sys/bus/usb/drivers_autoprobe /tmp/partial/
continue
set follow-fork-mode child
continue
```

and then

```
$ gdb -x /tmp/gdbssh ./rsync
```

The root cause can be, with --sparse and

```c
int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode)
{
	if (!relpath || relpath[0] == '/') {
		// must be a relative path
		fprintf(stderr, "Error: relpath must be a relative path %s\n", relpath);
		errno = EINVAL;
		return -1;
	}
```

fails for path

```
Error: relpath must be a relative path /tmp/partial.1/drivers_autoprobe
pwndbg> bt
#0  0x000055555559f3a4 in write_sparse (len=700, buf=0x0, offset=0, use_seek=<optimized out>, f=<optimized out>) at fileio.c:83
#1  write_file (f=f@entry=4, use_seek=use_seek@entry=1, offset=offset@entry=0, buf=buf@entry=0x0, len=len@entry=700) at fileio.c:157
#2  0x000055555559f6ff in skip_matched (fd=fd@entry=4, offset=offset@entry=0, buf=buf@entry=0x0, len=len@entry=700) at fileio.c:197
#3  0x0000555555572ce3 in receive_data (f_in=f_in@entry=6, fname_r=fname_r@entry=0x5555555f0820 <partial_fname> "/tmp/partial.1/drivers_autoprobe", fd_r=fd_r@entry=-1, size_r=<optimized out>,
    fname=fname@entry=0x7fffffff61a0 "drivers_autoprobe", fd=fd@entry=4, file=0x7ffff7e10fe0, inplace_sizing=1) at receiver.c:363
#4  0x0000555555573e8a in recv_files (f_in=f_in@entry=6, f_out=f_out@entry=7, local_name=local_name@entry=0x0) at receiver.c:892
#5  0x0000555555580365 in do_recv (f_in=f_in@entry=6, f_out=7, f_out@entry=5, local_name=local_name@entry=0x0) at main.c:1056
#6  0x0000555555580ef7 in client_run (f_in=6, f_out=5, pid=pid@entry=685192, argc=argc@entry=1, argv=argv@entry=0x5555555f5be8) at main.c:1370
#7  0x000055555555f4da in start_client (argv=0x5555555f5be8, argc=1) at main.c:1588
#8  main (argc=<optimized out>, argc@entry=9, argv=<optimized out>, argv@entry=0x7fffffffd4b8) at main.c:1848
#9  0x00007ffff742a1ca in __libc_start_call_main (main=main@entry=0x55555555ee20 <main>, argc=argc@entry=9, argv=argv@entry=0x7fffffffd4b8) at ../sysdeps/nptl/libc_start_call_main.h:58
#10 0x00007ffff742a28b in __libc_start_main_impl (main=0x55555555ee20 <main>, argc=9, argv=0x7fffffffd4b8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd4a8) at ../csu/libc-start.c:360
#11 0x0000555555561275 in _start ()
```

write_sparse is now attempting to write to buf=NULL, fd_r for receive_data is -1.
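
Added example (not rsync's code and not its fix; not part of the comment above): a minimal C model of the chain the report describes, where an absolute path is refused, the descriptor is -1, the buffer is NULL, and a sparse-style zero-run scan is still asked to process `len` bytes. The function names, the placeholder descriptor value and the sample data are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Model of the quoted check: an absolute path is refused with EINVAL. */
static int open_relative_only(const char *relpath)
{
    if (!relpath || relpath[0] == '/') {
        errno = EINVAL;
        return -1;
    }
    return 3; /* constructed placeholder descriptor; no file is opened */
}

/* Model of the basis-file buffer: no descriptor means no data (NULL). */
static const char *basis_buf(int fd, const char *data)
{
    return fd < 0 ? NULL : data;
}

/* Sparse-style scan: bytes left after trimming leading and trailing
 * zero runs. The NULL test is the guard; without it the first
 * buf[lead] read dereferences address 0 (the report shows buf=0x0). */
static int sparse_data_len(const char *buf, int len)
{
    int lead = 0, trail = 0;

    if (!buf || len < 0) {
        errno = EINVAL;
        return -1;
    }
    while (lead < len && buf[lead] == 0)
        lead++;
    while (trail < len - lead && buf[len - 1 - trail] == 0)
        trail++;
    return len - lead - trail;
}

/* The chain from the report: the open fails, the buffer is NULL, and
 * the scan is still called with a non-zero length. */
static int copy_matched_block(const char *path, const char *data, int len)
{
    int fd = open_relative_only(path);
    return sparse_data_len(basis_buf(fd, data), len);
}
```

With the guard in place the absolute-path case returns -1 with `errno` set to `EINVAL` instead of faulting, which turns the crash into an error the caller can report.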

tridge (Member) commented Jan 24, 2025

I haven't been able to reproduce this yet, still trying

@GuillaumeHullin

@tridge I have a very similar issue; maybe you can reproduce it? See #715 (comment)
