Dominique Martinet has uploaded this change for review.

fsal proxy: fix use-after-scope in create session

csa_sec_parms_val was declared in its own scope but was used much
later; we need to declare it outside of the helper and pass the
address there.

==7480==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fffea684340 at pc 0x7fffecec1e9c bp 0x7fffea683510 sp 0x7fffea683500
READ of size 4 at 0x7fffea684340 thread T5

#0 0x7fffecec1e9b in xdr_uint32_t /src/nfs-ganesha/src/libntirpc/ntirpc/rpc/xdr_inline.h:221
#1 0x7fffecec1ef7 in xdr_u_int32_t /src/nfs-ganesha/src/libntirpc/ntirpc/rpc/xdr_inline.h:236
#2 0x7fffecec9d88 in xdr_callback_sec_parms4 /src/nfs-ganesha/src/include/nfsv41.h:6750
#3 0x7fffecec3c3c in xdr_array_encode /src/nfs-ganesha/src/libntirpc/ntirpc/rpc/xdr_inline.h:848
#4 0x7fffecec3ef3 in xdr_array /src/nfs-ganesha/src/libntirpc/ntirpc/rpc/xdr_inline.h:891
#5 0x7fffececaa56 in xdr_CREATE_SESSION4args /src/nfs-ganesha/src/include/nfsv41.h:7049
#6 0x7fffecece544 in xdr_nfs_argop4 /src/nfs-ganesha/src/include/nfsv41.h:8233
#7 0x7fffecec3c3c in xdr_array_encode /src/nfs-ganesha/src/libntirpc/ntirpc/rpc/xdr_inline.h:848
#8 0x7fffecec3ef3 in xdr_array /src/nfs-ganesha/src/libntirpc/ntirpc/rpc/xdr_inline.h:891
#9 0x7fffececfef4 in xdr_COMPOUND4args /src/nfs-ganesha/src/include/nfsv41.h:8732
#10 0x7fffeced6f8c in pxy_compoundv4_call /src/nfs-ganesha/src/FSAL/FSAL_PROXY/handle.c:764
#11 0x7fffeced834a in pxy_compoundv4_execute /src/nfs-ganesha/src/FSAL/FSAL_PROXY/handle.c:857
#12 0x7fffeceda878 in pxy_setsessionid /src/nfs-ganesha/src/FSAL/FSAL_PROXY/handle.c:966
#13 0x7fffecedc7eb in pxy_clientid_renewer /src/nfs-ganesha/src/FSAL/FSAL_PROXY/handle.c:1147
#14 0x7ffff5572593 in start_thread /usr/src/debug/glibc-2.27-78-g2b47bb9cba/nptl/pthread_create.c:463
#15 0x7ffff4e84e6e in clone (/lib64/libc.so.6+0xf9e6e)

Address 0x7fffea684340 is located in stack of thread T5 at offset 288 in frame
#0 0x7fffeced9cbc in pxy_setsessionid /src/nfs-ganesha/src/FSAL/FSAL_PROXY/handle.c:936

This frame has 7 object(s):
[32, 36) 'seqid'
[96, 100) 'fore_ca_rdma_ird_val_sink'
[160, 164) 'back_ca_rdma_ird_val_sink'
[224, 232) 'cid'
[288, 336) 'csa_sec_parms_val' <== Memory access at offset 288 is inside this variable
[384, 960) 'arg'
[992, 1632) 'res'

Change-Id: I597abb06747898418c907e33b57b1f0ac1f904f7
Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
---
M src/FSAL/FSAL_PROXY/fsal_nfsv4_macros.h
M src/FSAL/FSAL_PROXY/handle.c
2 files changed, 6 insertions(+), 5 deletions(-)

git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/12/427712/1

Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-MessageType: newchange
Gerrit-Change-Id: I597abb06747898418c907e33b57b1f0ac1f904f7
Gerrit-Change-Number: 427712
Gerrit-PatchSet: 1
Gerrit-Owner: Dominique Martinet <asmadeus@codewreck.org>
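
The bug class named in the commit message, reduced to a stand-alone C sketch. This is an added example, not code from nfs-ganesha or from the change itself: it assumes the helper is a macro that opens its own block, and apart from csa_sec_parms_val every struct, macro and function name below is hypothetical.

```c
/* Added illustration. Build with -DSHOW_BUG -fsanitize=address to compile the "before" form. */
#include <stdint.h>
#include <stdio.h>

struct sec_parms { uint32_t cb_secflavor; };   /* simplified stand-in for the real type */
struct create_session_args { uint32_t len; struct sec_parms *val; };

/* Stand-in for the XDR encoder, which runs well after the arguments are prepared. */
static uint32_t encode_args(const struct create_session_args *a)
{
	uint32_t sum = 0;
	for (uint32_t i = 0; i < a->len; i++)
		sum += a->val[i].cb_secflavor;  /* 4-byte read through the stored pointer */
	return sum;
}

#ifdef SHOW_BUG
/* Before: the array lives only inside the helper's block, yet args.val
 * keeps pointing at it after the closing brace. */
#define PREP_CREATE_SESSION_BAD(args) do {                 \
		struct sec_parms csa_sec_parms_val[1];     \
		csa_sec_parms_val[0].cb_secflavor = 1;     \
		(args).len = 1;                            \
		(args).val = csa_sec_parms_val;            \
	} while (0)

uint32_t set_session_bad(void)
{
	struct create_session_args arg;
	PREP_CREATE_SESSION_BAD(arg);
	return encode_args(&arg);       /* reads an object whose scope has ended */
}
#endif

/* After: the caller owns the storage and the helper receives its address. */
#define PREP_CREATE_SESSION(args, parms) do {  \
		(parms)->cb_secflavor = 1;     \
		(args).len = 1;                \
		(args).val = (parms);          \
	} while (0)

static uint32_t set_session_fixed(void)
{
	struct create_session_args arg;
	struct sec_parms csa_sec_parms_val;    /* same lifetime as arg */
	PREP_CREATE_SESSION(arg, &csa_sec_parms_val);
	return encode_args(&arg);
}

int main(void) { printf("%u\n", (unsigned)set_session_fixed()); return 0; }
```

The value 1 stored in cb_secflavor is a constructed sample. The point is that the pointed-to object and the argument structure share one lifetime in the fixed form.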