Package: rrdtool
Version: 1.4.2-1+b1
Severity: serious
Justification: breaks iptotal
Hi,

iptotal.cgi (from the iptotal package) contains the following line

<RRD::TIME::LAST /var/lib/iptotal/iptotal.rrd %c>

which causes rrdcgi to crash with the following backtrace:

(gdb) bt
#0  strlen () at ../sysdeps/i386/i486/strlen.S:40
#1  0xb73a681e in _IO_vfprintf_internal (s=0xbfa4086c, format=0xb781edd0 "Usage: rrdtool %s [--daemon <addr>] <file>", ap=0xbfa40988 "\021\001\202ˇ") at vfprintf.c:1601
#2  0xb73c56b4 in _IO_vsnprintf (string=0xb78269c0 "Usage: rrdtool ", maxlen=4096, format=0xb781edd0 "Usage: rrdtool %s [--daemon <addr>] <file>", args=0xbfa40984 "\211") at vsnprintf.c:120
#3  0xb78140c4 in rrd_set_error () from /usr/lib/librrd.so.4
#4  0xb7805be4 in rrd_last () from /usr/lib/librrd.so.4
#5  0x0804b211 in printtimelast ()
#6  0x0804aa83 in ?? ()
#7  0x0804c265 in ?? ()
#8  0xb737bb55 in __libc_start_main (main=0x804bf70, argc=2, ubp_av=0xbfa40bb4, init=0x804c5c0, fini=0x804c5b0, rtld_fini=0xb78629b0 <_dl_fini>, stack_end=0xbfa40bac) at libc-start.c:222

After some investigation, I found that the problem is on line 991 of rrd_cgi.c:

last = rrd_last(argc + 1, (char **) args - 1);

The first argument of rrd_last() should obviously be argc (which is 2), not argc + 1. Also please note that the second argument of the function refers to an address before the start of the array, which seems to be very bad programming style, and which in fact is the root cause of the crash, as rrd_last() tries to display argv[0] in an error message.

The attached patch fixes the problem.

Regards,
robert

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (200, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/pdksh

Versions of packages rrdtool depends on:
ii  libc6           2.10.2-6          Embedded GNU C Library: Shared lib
ii  libcairo2       1.8.10-2          The Cairo 2D vector graphics libra
ii  libdbi0         0.8.2-3           Database Independent Abstraction L
ii  libglib2.0-0    2.22.4-1          The GLib library of C routines
ii  libpango1.0-0   1.26.2-1          Layout and rendering of internatio
ii  libpng12-0      1.2.43-1          PNG library - runtime
ii  librrd4         1.4.2-1+b1        time-series data storage and displ
ii  libxml2         2.7.6.dfsg-2+b1   GNOME XML library

rrdtool recommends no packages.

Versions of packages rrdtool suggests:
pn  librrds-perl    <none>            (no description available)

-- no debconf information
-- debsums errors found:
debsums: changed file /usr/bin/rrdcgi (from rrdtool package)

--- rrdtool-1.4.2.old/src/rrd_cgi.c 2009-11-15 12:54:23.000000000 +0100 +++ rrdtool-1.4.2/src/rrd_cgi.c 2010-03-11 13:31:16.000000000 +0100 @@ -987,8 +987,9 @@ buf = malloc(255); if (buf == NULL) { return stralloc("[ERROR: allocating strftime buffer]"); - }; - last = rrd_last(argc + 1, (char **) args - 1); + } + const char *newargs[] = { "rrdcgi", args[0], NULL }; + last = rrd_last(2, (char **) (newargs)); if (rrd_test_error()) { char *err = malloc((strlen(rrd_get_error()) +
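
Review bot: the added newargs line reads args[0] and the call passes a fixed count of 2, but nothing in this hunk checks argc first, so a tag written with no arguments would hand rrd_last() whatever args[0] happens to hold. Unless argc is validated earlier in the function, outside the lines shown here, add a guard ahead of the malloc(255) that returns an error string when argc < 1, so that the early return does not leak buf. Two smaller points on the same lines: newargs is declared after the "if (buf == NULL)" statement, which compilers in strict C89 mode reject, so the declaration belongs at the top of the block; and the "(char **) (newargs)" cast discards the const from "const char *newargs[]", so either declare the array as plain "char *" or note in a comment why dropping the qualifier is safe for this call.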