Access freed FileNode caused core dump in encfs::encfs_flush #348

Closed
jiangjianping opened this issue Jul 21, 2017 · 4 comments

jiangjianping commented Jul 21, 2017

Hi there,

We encountered a core dump when testing encfs (cloned yesterday). Attached is the valgrind log, which indicates that encfs::encfs_flush tried to access a freed FileNode.

==5544== 1 errors in context 5 of 9:
==5544== Invalid read of size 1
==5544==    at 0x4C337D8: __memcmp_sse4_1 (vg_replace_strmem.c:1099)
==5544==    by 0x5A635A2: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(unsigned long, unsigned long, char const*, unsigned long) const (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21)
==5544==    by 0x520067: encfs::DirNode::touchesMountpoint(char const*) const (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x5273BD: encfs::withFileNode(char const*, char const*, fuse_file_info*, std::function<int (encfs::FileNode*)>)::{lambda(encfs::FileNode*)#1}::operator()(encfs::FileNode*) const (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x5276D7: encfs::withFileNode(char const*, char const*, fuse_file_info*, std::function<int (encfs::FileNode*)>) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x52A7E8: encfs::encfs_flush(char const*, fuse_file_info*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4E494E6: fuse_flush_common (fuse.c:3844)
==5544==    by 0x4E4976F: fuse_lib_flush (fuse.c:3894)
==5544==    by 0x4E4FDB5: do_flush (fuse_lowlevel.c:1322)
==5544==    by 0x4E50CE0: fuse_ll_process_buf (fuse_lowlevel.c:2443)
==5544==    by 0x4E4D477: fuse_do_work (fuse_loop_mt.c:117)
==5544==    by 0x572C6B9: start_thread (pthread_create.c:333)
==5544==  Address 0x8b97620 is 0 bytes inside a block of size 168 free'd
==5544==    at 0x4C2F1A0: operator delete(void*) (vg_replace_malloc.c:576)
==5544==    by 0x53780D: encfs::FileNode::~FileNode() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x5267CF: std::_Sp_counted_ptr<encfs::FileNode*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4EAE69: std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4EA5DC: std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x51B2CB: std::__shared_ptr<encfs::FileNode, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x51B30D: std::shared_ptr<encfs::FileNode>::~shared_ptr() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x51AAC5: encfs::EncFS_Context::eraseNode(char const*, encfs::FileNode*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x52A88B: encfs::encfs_release(char const*, fuse_file_info*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4E46DC1: fuse_do_release (fuse.c:3091)
==5544==    by 0x4E49642: fuse_lib_release (fuse.c:3879)
==5544==    by 0x4E50018: do_release (fuse_lowlevel.c:1346)
==5544==  Block was alloc'd at
==5544==    at 0x4C2E216: operator new(unsigned long) (vg_replace_malloc.c:334)
==5544==    by 0x5A61498: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_mutate(unsigned long, unsigned long, char const*, unsigned long) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21)
==5544==    by 0x5A6200A: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_replace(unsigned long, unsigned long, char const*, unsigned long) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21)
==5544==    by 0x537545: encfs::FileNode::FileNode(encfs::DirNode*, std::shared_ptr<encfs::FSConfig> const&, char const*, char const*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x52349E: encfs::DirNode::findOrCreate(char const*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x523854: encfs::DirNode::openNode(char const*, char const*, int, int*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x52A3EC: encfs::encfs_open(char const*, fuse_file_info*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4E47167: fuse_compat_open (fuse.c:1474)
==5544==    by 0x4E47167: fuse_fs_open (fuse.c:1739)
==5544==    by 0x4E47241: fuse_lib_open (fuse.c:3215)
==5544==    by 0x4E515BB: do_open (fuse_lowlevel.c:1214)
==5544==    by 0x4E50CE0: fuse_ll_process_buf (fuse_lowlevel.c:2443)
==5544==    by 0x4E4D477: fuse_do_work (fuse_loop_mt.c:117)
==5544== 
==5544== 
==5544== 1 errors in context 6 of 9:
==5544== Invalid read of size 8
==5544==    at 0x4C33796: __memcmp_sse4_1 (vg_replace_strmem.c:1099)
==5544==    by 0x5A635A2: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(unsigned long, unsigned long, char const*, unsigned long) const (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21)
==5544==    by 0x520067: encfs::DirNode::touchesMountpoint(char const*) const (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x5273BD: encfs::withFileNode(char const*, char const*, fuse_file_info*, std::function<int (encfs::FileNode*)>)::{lambda(encfs::FileNode*)#1}::operator()(encfs::FileNode*) const (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x5276D7: encfs::withFileNode(char const*, char const*, fuse_file_info*, std::function<int (encfs::FileNode*)>) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x52A7E8: encfs::encfs_flush(char const*, fuse_file_info*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4E494E6: fuse_flush_common (fuse.c:3844)
==5544==    by 0x4E4976F: fuse_lib_flush (fuse.c:3894)
==5544==    by 0x4E4FDB5: do_flush (fuse_lowlevel.c:1322)
==5544==    by 0x4E50CE0: fuse_ll_process_buf (fuse_lowlevel.c:2443)
==5544==    by 0x4E4D477: fuse_do_work (fuse_loop_mt.c:117)
==5544==    by 0x572C6B9: start_thread (pthread_create.c:333)
==5544==  Address 0x8b97620 is 0 bytes inside a block of size 168 free'd
==5544==    at 0x4C2F1A0: operator delete(void*) (vg_replace_malloc.c:576)
==5544==    by 0x53780D: encfs::FileNode::~FileNode() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x5267CF: std::_Sp_counted_ptr<encfs::FileNode*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4EAE69: std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4EA5DC: std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x51B2CB: std::__shared_ptr<encfs::FileNode, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x51B30D: std::shared_ptr<encfs::FileNode>::~shared_ptr() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x51AAC5: encfs::EncFS_Context::eraseNode(char const*, encfs::FileNode*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x52A88B: encfs::encfs_release(char const*, fuse_file_info*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4E46DC1: fuse_do_release (fuse.c:3091)
==5544==    by 0x4E49642: fuse_lib_release (fuse.c:3879)
==5544==    by 0x4E50018: do_release (fuse_lowlevel.c:1346)
==5544==  Block was alloc'd at
==5544==    at 0x4C2E216: operator new(unsigned long) (vg_replace_malloc.c:334)
==5544==    by 0x5A61498: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_mutate(unsigned long, unsigned long, char const*, unsigned long) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21)
==5544==    by 0x5A6200A: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_replace(unsigned long, unsigned long, char const*, unsigned long) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21)
==5544==    by 0x537545: encfs::FileNode::FileNode(encfs::DirNode*, std::shared_ptr<encfs::FSConfig> const&, char const*, char const*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x52349E: encfs::DirNode::findOrCreate(char const*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x523854: encfs::DirNode::openNode(char const*, char const*, int, int*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x52A3EC: encfs::encfs_open(char const*, fuse_file_info*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4E47167: fuse_compat_open (fuse.c:1474)
==5544==    by 0x4E47167: fuse_fs_open (fuse.c:1739)
==5544==    by 0x4E47241: fuse_lib_open (fuse.c:3215)
==5544==    by 0x4E515BB: do_open (fuse_lowlevel.c:1214)
==5544==    by 0x4E50CE0: fuse_ll_process_buf (fuse_lowlevel.c:2443)
==5544==    by 0x4E4D477: fuse_do_work (fuse_loop_mt.c:117)
==5544== 
==5544== 
==5544== 1 errors in context 7 of 9:
==5544== Invalid read of size 8
==5544==    at 0x5A62BE0: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::c_str() const (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21)
==5544==    by 0x53785D: encfs::FileNode::cipherName() const (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x52739D: encfs::withFileNode(char const*, char const*, fuse_file_info*, std::function<int (encfs::FileNode*)>)::{lambda(encfs::FileNode*)#1}::operator()(encfs::FileNode*) const (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x5276D7: encfs::withFileNode(char const*, char const*, fuse_file_info*, std::function<int (encfs::FileNode*)>) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x52A7E8: encfs::encfs_flush(char const*, fuse_file_info*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4E494E6: fuse_flush_common (fuse.c:3844)
==5544==    by 0x4E4976F: fuse_lib_flush (fuse.c:3894)
==5544==    by 0x4E4FDB5: do_flush (fuse_lowlevel.c:1322)
==5544==    by 0x4E50CE0: fuse_ll_process_buf (fuse_lowlevel.c:2443)
==5544==    by 0x4E4D477: fuse_do_work (fuse_loop_mt.c:117)
==5544==    by 0x572C6B9: start_thread (pthread_create.c:333)
==5544==    by 0x5FE13DC: clone (clone.S:109)
==5544==  Address 0x8cfa000 is 112 bytes inside a block of size 152 free'd
==5544==    at 0x4C2F1A0: operator delete(void*) (vg_replace_malloc.c:576)
==5544==    by 0x5267D7: std::_Sp_counted_ptr<encfs::FileNode*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4EAE69: std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4EA5DC: std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x51B2CB: std::__shared_ptr<encfs::FileNode, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x51B30D: std::shared_ptr<encfs::FileNode>::~shared_ptr() (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x51AAC5: encfs::EncFS_Context::eraseNode(char const*, encfs::FileNode*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x52A88B: encfs::encfs_release(char const*, fuse_file_info*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4E46DC1: fuse_do_release (fuse.c:3091)
==5544==    by 0x4E49642: fuse_lib_release (fuse.c:3879)
==5544==    by 0x4E50018: do_release (fuse_lowlevel.c:1346)
==5544==    by 0x4E50CE0: fuse_ll_process_buf (fuse_lowlevel.c:2443)
==5544==  Block was alloc'd at
==5544==    at 0x4C2E216: operator new(unsigned long) (vg_replace_malloc.c:334)
==5544==    by 0x52346E: encfs::DirNode::findOrCreate(char const*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x523854: encfs::DirNode::openNode(char const*, char const*, int, int*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x52A3EC: encfs::encfs_open(char const*, fuse_file_info*) (in /opt/zjcloud/sbin/encfs)
==5544==    by 0x4E47167: fuse_compat_open (fuse.c:1474)
==5544==    by 0x4E47167: fuse_fs_open (fuse.c:1739)
==5544==    by 0x4E47241: fuse_lib_open (fuse.c:3215)
==5544==    by 0x4E515BB: do_open (fuse_lowlevel.c:1214)
==5544==    by 0x4E50CE0: fuse_ll_process_buf (fuse_lowlevel.c:2443)
==5544==    by 0x4E4D477: fuse_do_work (fuse_loop_mt.c:117)
==5544==    by 0x572C6B9: start_thread (pthread_create.c:333)
==5544==    by 0x5FE13DC: clone (clone.S:109)
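The trace above shows encfs_release freeing the FileNode through EncFS_Context::eraseNode while encfs_flush, on another FUSE worker thread, is still using it inside withFileNode. The following is an added illustration of that lifetime defect and of the shared_ptr pattern that closes it; it is example code, not encfs's own and not the fix referenced in #214, and NodeTable is a hypothetical stand-in for the EncFS_Context node table.

```cpp
#include <functional>
#include <map>
#include <memory>
#include <string>

// Constructed stand-in for encfs::FileNode (example code, not encfs's own): the
// destructor flags when it ran, so lifetime is observable without touching freed memory.
struct FileNode {
    std::string cipherName;
    bool* destroyed;
    FileNode(const std::string& c, bool* d) : cipherName(c), destroyed(d) {}
    ~FileNode() { if (destroyed) *destroyed = true; }
};
class NodeTable {  // hypothetical model of the EncFS_Context node table
public:
    void open(const std::string& path, bool* flag) { nodes_[path] = std::make_shared<FileNode>("AES", flag); }
    void eraseNode(const std::string& path) { nodes_.erase(path); }  // what encfs_release does
    // Unsafe shape: the callback gets only a raw pointer, so nothing keeps the node
    // alive if release runs on another FUSE worker while flush is still in flight.
    int withFileNodeRaw(const std::string& path, const std::function<int(FileNode*)>& op) {
        auto it = nodes_.find(path);
        return it == nodes_.end() ? -1 : op(it->second.get());
    }
    // Hardened shape: a shared_ptr copy pins the node for the whole callback, so a
    // concurrent eraseNode() only drops the table's reference, not the last one.
    int withFileNodeSafe(const std::string& path, const std::function<int(FileNode*)>& op) {
        auto it = nodes_.find(path);
        if (it == nodes_.end()) return -1;
        std::shared_ptr<FileNode> keepAlive = it->second;
        return op(keepAlive.get());
    }
private:
    std::map<std::string, std::shared_ptr<FileNode>> nodes_;
};

// Serialises the race from the trace: release erases the node in the middle of
// flush's callback. Returns true if the node was already destroyed at that point.
bool rawNodeDiesUnderCallback() {
    NodeTable t; bool destroyed = false, seen = false;
    t.open("/f", &destroyed);
    t.withFileNodeRaw("/f", [&](FileNode*) { t.eraseNode("/f"); seen = destroyed; return 0; });
    return seen;
}
// Pinned node: alive inside the callback (reading cipherName is valid), freed only after it returns.
bool safeNodeOutlivesCallback() {
    NodeTable t; bool destroyed = false, seen = false;
    t.open("/f", &destroyed);
    int rc = t.withFileNodeSafe("/f", [&](FileNode* n) {
        t.eraseNode("/f"); seen = destroyed; return n->cipherName == "AES" ? 0 : -1; });
    return rc == 0 && !seen && destroyed;
}
```

The raw variant deliberately never dereferences the dangling pointer; it only records that the destructor had already run, which is exactly the state valgrind reports as "Invalid read ... inside a block ... free'd".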
jiangjianping (Author) commented:

I downgraded to 1.8.1 and the problem disappeared.

rfjakob (Collaborator) commented Jul 23, 2017

You are probably seeing the same thing as #214. I finished a fix yesterday, could you

git clone https://github.com/rfjakob/encfs.git

and try again?

jiangjianping (Author) commented:

@rfjakob

I will try. Thank you very much!

jiangjianping reopened this Jul 24, 2017

rfjakob (Collaborator) commented Jul 25, 2017

Note that v2 of the patch series is available at:

git clone -b issue214-v2 https://github.com/rfjakob/encfs.git

Let's continue at #214

Duplicate of #214

rfjakob marked this as a duplicate of #214 Jul 25, 2017
rfjakob closed this as completed Jul 25, 2017