<br><br><div class="gmail_quote">On Tue, Jul 1, 2008 at 3:04 PM, Tobias Burnus <<a href="mailto:burnus@net-b.de">burnus@net-b.de</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi all,<br>
<br>
I have Torque 2.3.0 and "qsub" crashes here with an invalid memory<br>
access. The problem is that in src/cmds/qsub.c for running<br>
"qsub file.sh", one has the following<br>
<br>
submit_args_str = malloc(sizeof(char) * argslen);<br>
<br>
-> argslen == 8 = strlen("file.sh")+1<br>
<br>
And later:<br>
<br>
for (argi = 1;argi < argc;argi++)<br>
{<br>
strcat(submit_args_str,argv[argi]);<br>
<br>
if (argi != optind - 1)<br>
{<br>
strcat(submit_args_str," ");<br>
<br>
here: argi == 1, argc = 2, optind = 1.<br>
Thus: argi != optind - 1<br>
And therefore the two bytes " " (= ' ' + '\0') are written,<br>
exceeding the bounds of submit_args_str.<br>
<br>
I did not quickly see how this can be fixed properly.</blockquote></div><br><br>OK, I think I fixed this. When I wrote the code to collect and save
the job's submit args a couple years ago we didn't include the script
name, just the options. Someone modified qsub to also collect the
script name, so I think the code should now be the following:<br>
<br>
for (argi = 1;argi < argc;argi++)<br>
{<br>
strcat(submit_args_str,argv[argi]);<br>
<br>
if (argi != argc - 1)<br>
{<br>
strcat(submit_args_str," ");<br>
}<br>
}<br>
<br>
The old code used to loop from argi = 1 to optind-1; now it loops from
argi = 1 to argc - 1, so the if block that adds the " " to separate argv
strings needed to be updated as well. This one seems to have been
around a while.<br>
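An added example, not part of the thread and not Torque's code: the overflow above comes from the allocation size and the separator condition drifting apart, so this sketch derives both from one rule and tracks the write offset instead of calling strcat. The names bytes_written and join_args and the sample argv are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes the join loop writes, including the final NUL, when a space follows
 * every argument except the one at index no_sep_index (hypothetical helper). */
size_t bytes_written(int argc, char **argv, int no_sep_index)
{
    size_t n = 1;                      /* terminating NUL */
    for (int argi = 1; argi < argc; argi++) {
        n += strlen(argv[argi]);
        if (argi != no_sep_index)
            n += 1;                    /* the " " separator */
    }
    return n;
}

/* Join argv[1..argc-1] with single spaces. The buffer size comes from the
 * same separator rule the copy loop uses, and every write is bounds-checked. */
char *join_args(int argc, char **argv)
{
    size_t need = bytes_written(argc, argv, argc - 1);
    size_t off = 0;
    char *out = malloc(need);
    if (out == NULL)
        return NULL;
    for (int argi = 1; argi < argc; argi++) {
        size_t len = strlen(argv[argi]);
        if (off + len + 1 > need) {    /* no room for arg plus space or NUL */
            free(out);
            return NULL;
        }
        memcpy(out + off, argv[argi], len);
        off += len;
        if (argi != argc - 1)
            out[off++] = ' ';
    }
    out[off] = '\0';
    return out;
}

int main(void)
{
    char *argv_sample[] = { "qsub", "file.sh", NULL };   /* constructed input */
    /* optind == 1 in the report, so the old test was argi != 0 */
    printf("old condition writes %zu bytes\n", bytes_written(2, argv_sample, 0));
    printf("new condition writes %zu bytes\n", bytes_written(2, argv_sample, 1));
    char *joined = join_args(2, argv_sample);
    printf("joined: \"%s\"\n", joined ? joined : "(alloc failed)");
    free(joined);
    return 0;
}
```

For "qsub file.sh" the old condition needs 9 bytes against the 8-byte allocation from the report, while the corrected condition needs exactly 8.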