Your message dated Sun, 14 Mar 2010 14:16:14 +0100 with message-id <20100314131614.gv5...@chough.tokkee.org> has caused the report #573638, regarding rrdtool: rrdcgi crashes at printlasttime() to be marked as having been forwarded to the upstream software author(s) rrd-develop...@lists.oetiker.ch
(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 573638: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573638 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Hi Robert, On Thu, Mar 11, 2010 at 01:34:01PM +0100, Robert Luberda wrote: > iptotal.cgi (from the iptotal package) contains the following line > <RRD::TIME::LAST /var/lib/iptotal/iptotal.rrd %c> > which causes rrdcgi to crash with the following backtrace: > > (gdb) bt > #0 strlen () at ../sysdeps/i386/i486/strlen.S:40 > #1 0xb73a681e in _IO_vfprintf_internal (s=0xbfa4086c, > format=0xb781edd0 "Usage: rrdtool %s [--daemon <addr>] <file>", > ap=0xbfa40988 "\021\001\202ˇ") > at vfprintf.c:1601 > #2 0xb73c56b4 in _IO_vsnprintf (string=0xb78269c0 "Usage: rrdtool ", > maxlen=4096, > format=0xb781edd0 "Usage: rrdtool %s [--daemon <addr>] <file>", > args=0xbfa40984 "\211") > at vsnprintf.c:120 > #3 0xb78140c4 in rrd_set_error () from /usr/lib/librrd.so.4 > #4 0xb7805be4 in rrd_last () from /usr/lib/librrd.so.4 > #5 0x0804b211 in printtimelast () > #6 0x0804aa83 in ?? () > #7 0x0804c265 in ?? () > #8 0xb737bb55 in __libc_start_main (main=0x804bf70, argc=2, > ubp_av=0xbfa40bb4, init=0x804c5c0, > fini=0x804c5b0, rtld_fini=0xb78629b0 <_dl_fini>, > stack_end=0xbfa40bac) at libc-start.c:222 Thanks for reporting this! > Afer some investigation, I found that the problem is in the line 991 > of rrd_cgi.c: > > last = rrd_last(argc + 1, (char **) args - 1); > > The first argument of rrd_last() should obviously be argc (which is 2), > not argc + 1. Also please note that second argument of the function > refers to address before the start of the array, which seems to > be a very bad programming style, and which in fact is a root cause of the > crash as rrd_last() tries to display argv[0] in an error message. Ouch! What an ugly hack … > The attached patch fixes the problem. Thanks for tracing that back and providing a patch! Imho, the patch looks fine. With this E-mail, I'm forwarding the issue and the patch upstream, hoping for inclusion in the upstream SVN. I'll upload a fixed package to Debian soonish. Cheers, Sebastian -- Sebastian "tokkee" Harl +++ GnuPG-ID: 0x8501C7FC +++ http://tokkee.org/ Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin--- rrdtool-1.4.2.old/src/rrd_cgi.c 2009-11-15 12:54:23.000000000 +0100 +++ rrdtool-1.4.2/src/rrd_cgi.c 2010-03-11 13:31:16.000000000 +0100 @@ -987,8 +987,9 @@ buf = malloc(255); if (buf == NULL) { return stralloc("[ERROR: allocating strftime buffer]"); - }; - last = rrd_last(argc + 1, (char **) args - 1); + } + const char *newargs[] = { "rrdcgi", args[0], NULL }; + last = rrd_last(2, (char **) (newargs)); if (rrd_test_error()) { char *err = malloc((strlen(rrd_get_error()) +signature.asc
Description: Digital signature
--- End Message ---