[torquedev] Torque 2.3 - invalid memory access in qsub
Tobias Burnus
burnus at net-b.de
Tue Jul 1 13:04:04 MDT 2008
Hi all,
I have Torque 2.3.0 and "qsub" crashes here with an invalid memory
access. The problem is that in src/cmds/qsub.c for running
"qsub file.sh", one has the following
submit_args_str = malloc(sizeof(char) * argslen);
-> argslen == 8 = strlen("file.sh")+1
And later:
for (argi = 1;argi < argc;argi++)
{
strcat(submit_args_str,argv[argi]);
if (argi != optind - 1)
{
strcat(submit_args_str," ");
here: argi == 1, argc = 2, optind = 1.
Thus: argi != optind - 1
And therefore the two bytes " " (= ' ' + '\0') are written,
exceeding the bounds of submit_args_str.
I did not quickly see how this can be fixed properly.
Tobias
PS: With all warnings turned on, gcc complains here that
the return value of fread and fwrite are not checked.
The attached patch adds some checks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cpuset-rpmlint.patch
Type: text/x-diff
Size: 4593 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torquedev/attachments/20080701/72e22afa/cpuset-rpmlint.bin
More information about the torquedev
mailing list