[torquedev] Torque 2.3 - invalid memory access in qsub

Glen Beane glen.beane at gmail.com
Thu Jul 3 22:01:40 MDT 2008


On Tue, Jul 1, 2008 at 3:04 PM, Tobias Burnus <burnus at net-b.de> wrote:

> Hi all,
>
> I have Torque 2.3.0 and  "qsub" crashes here with an invalid memory
> access. The problem is that in src/cmds/qsub.c for running
> "qsub file.sh", one has the following
>
>    submit_args_str = malloc(sizeof(char) * argslen);
>
> -> argslen == 8 = strlen("file.sh")+1
>
> And later:
>
>    for (argi = 1;argi < argc;argi++)
>      {
>      strcat(submit_args_str,argv[argi]);
>
>      if (argi != optind - 1)
>        {
>        strcat(submit_args_str," ");
>
> here: argi == 1, argc = 2, optind = 1.
> Thus: argi != optind - 1
> And therefore the two bytes " " (= ' ' + '\0') are written,
> exceeding the bounds of submit_args_str.
>
> I did not quickly see how this can be fixed properly.



OK, I think I fixed this.  When I wrote the code to collect and save the
job's submit args a couple years ago we didn't include the script name, just
the options.  Someone modified qsub to also collect the script name, so i
think the code should now be the following:

    for (argi = 1;argi < argc;argi++)
      {
      strcat(submit_args_str,argv[argi]);

      if (argi != argc - 1)
        {
        strcat(submit_args_str," ");
        }
      }

The old code use to loop from argi = 1 to optind-1, now it loops from argi =
1 to argc - 1 so the if block that adds the " " to separate argv strings
needed to be updated as well.  This one seems to have been around a while.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.supercluster.org/pipermail/torquedev/attachments/20080704/b52d7ecc/attachment.html


More information about the torquedev mailing list