Bug#573638: marked as done (rrdtool: rrdcgi crashes at printlasttime())

Debian Bug Tracking System Sun, 21 Mar 2010 15:40:18 -0700

Your message dated Sun, 21 Mar 2010 22:32:51 +0000
with message-id <e1nttht-0003jt...@ries.debian.org>
and subject line Bug#573638: fixed in rrdtool 1.4.2-2
has caused the Debian Bug report #573638,
regarding rrdtool: rrdcgi crashes at printlasttime()
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
573638: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573638
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: rrdtool
Version: 1.4.2-1+b1
Severity: serious
Justification: breaks iptotal

Hi,

iptotal.cgi (from the iptotal package) contains the following line
<RRD::TIME::LAST /var/lib/iptotal/iptotal.rrd %c>
which causes rrdcgi to crash with the following backtrace:

(gdb) bt
#0  strlen () at ../sysdeps/i386/i486/strlen.S:40
#1  0xb73a681e in _IO_vfprintf_internal (s=0xbfa4086c,
    format=0xb781edd0 "Usage: rrdtool %s [--daemon <addr>] <file>",
ap=0xbfa40988 "\021\001\202ˇ")
    at vfprintf.c:1601
#2  0xb73c56b4 in _IO_vsnprintf (string=0xb78269c0 "Usage: rrdtool ",
maxlen=4096,
    format=0xb781edd0 "Usage: rrdtool %s [--daemon <addr>] <file>",
args=0xbfa40984 "\211")
    at vsnprintf.c:120
#3  0xb78140c4 in rrd_set_error () from /usr/lib/librrd.so.4
#4  0xb7805be4 in rrd_last () from /usr/lib/librrd.so.4
#5  0x0804b211 in printtimelast ()
#6  0x0804aa83 in ?? ()
#7  0x0804c265 in ?? ()
#8  0xb737bb55 in __libc_start_main (main=0x804bf70, argc=2,
ubp_av=0xbfa40bb4, init=0x804c5c0,
    fini=0x804c5b0, rtld_fini=0xb78629b0 <_dl_fini>,
stack_end=0xbfa40bac) at libc-start.c:222


Afer some investigation, I found that the problem is in the line 991 
of rrd_cgi.c:

  last = rrd_last(argc + 1, (char **) args - 1);

The first argument of rrd_last() should obviously be argc (which is 2),
not argc + 1.  Also please note that second argument of the function
refers to address before the start of the array, which seems to 
be a very bad programming style, and which in fact is a root cause of the 
crash as rrd_last() tries to display argv[0] in an error message.

The attached patch fixes the problem.

Regards,
robert




-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (200, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/pdksh

Versions of packages rrdtool depends on:
ii  libc6                    2.10.2-6        Embedded GNU C Library: Shared lib
ii  libcairo2                1.8.10-2        The Cairo 2D vector graphics libra
ii  libdbi0                  0.8.2-3         Database Independent Abstraction L
ii  libglib2.0-0             2.22.4-1        The GLib library of C routines
ii  libpango1.0-0            1.26.2-1        Layout and rendering of internatio
ii  libpng12-0               1.2.43-1        PNG library - runtime
ii  librrd4                  1.4.2-1+b1      time-series data storage and displ
ii  libxml2                  2.7.6.dfsg-2+b1 GNOME XML library

rrdtool recommends no packages.

Versions of packages rrdtool suggests:
pn  librrds-perl                  <none>     (no description available)

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/bin/rrdcgi (from rrdtool package)

--- rrdtool-1.4.2.old/src/rrd_cgi.c	2009-11-15 12:54:23.000000000 +0100
+++ rrdtool-1.4.2/src/rrd_cgi.c	2010-03-11 13:31:16.000000000 +0100
@@ -987,8 +987,9 @@
         buf = malloc(255);
         if (buf == NULL) {
             return stralloc("[ERROR: allocating strftime buffer]");
-        };
-        last = rrd_last(argc + 1, (char **) args - 1);
+        }
+        const char *newargs[] = { "rrdcgi", args[0], NULL };
+        last = rrd_last(2, (char **) (newargs));
         if (rrd_test_error()) {
             char     *err =
                 malloc((strlen(rrd_get_error()) +

--- End Message ---

--- Begin Message ---

Source: rrdtool
Source-Version: 1.4.2-2

We believe that the bug you reported is fixed in the latest version of
rrdtool, which is due to be installed in the Debian FTP archive:

liblua5.1-rrd-dev_1.4.2-2_powerpc.deb
  to main/r/rrdtool/liblua5.1-rrd-dev_1.4.2-2_powerpc.deb
liblua5.1-rrd0_1.4.2-2_powerpc.deb
  to main/r/rrdtool/liblua5.1-rrd0_1.4.2-2_powerpc.deb
librrd-dev_1.4.2-2_powerpc.deb
  to main/r/rrdtool/librrd-dev_1.4.2-2_powerpc.deb
librrd-ruby1.8_1.4.2-2_powerpc.deb
  to main/r/rrdtool/librrd-ruby1.8_1.4.2-2_powerpc.deb
librrd-ruby1.9.1_1.4.2-2_powerpc.deb
  to main/r/rrdtool/librrd-ruby1.9.1_1.4.2-2_powerpc.deb
librrd-ruby_1.4.2-2_all.deb
  to main/r/rrdtool/librrd-ruby_1.4.2-2_all.deb
librrd4_1.4.2-2_powerpc.deb
  to main/r/rrdtool/librrd4_1.4.2-2_powerpc.deb
librrdp-perl_1.4.2-2_all.deb
  to main/r/rrdtool/librrdp-perl_1.4.2-2_all.deb
librrds-perl_1.4.2-2_powerpc.deb
  to main/r/rrdtool/librrds-perl_1.4.2-2_powerpc.deb
python-rrdtool_1.4.2-2_powerpc.deb
  to main/r/rrdtool/python-rrdtool_1.4.2-2_powerpc.deb
rrdcached_1.4.2-2_powerpc.deb
  to main/r/rrdtool/rrdcached_1.4.2-2_powerpc.deb
rrdtool-dbg_1.4.2-2_powerpc.deb
  to main/r/rrdtool/rrdtool-dbg_1.4.2-2_powerpc.deb
rrdtool-tcl_1.4.2-2_powerpc.deb
  to main/r/rrdtool/rrdtool-tcl_1.4.2-2_powerpc.deb
rrdtool_1.4.2-2.diff.gz
  to main/r/rrdtool/rrdtool_1.4.2-2.diff.gz
rrdtool_1.4.2-2.dsc
  to main/r/rrdtool/rrdtool_1.4.2-2.dsc
rrdtool_1.4.2-2_powerpc.deb
  to main/r/rrdtool/rrdtool_1.4.2-2_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 573...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Harl <tok...@debian.org> (supplier of updated rrdtool package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 21 Mar 2010 21:37:37 +0100
Source: rrdtool
Binary: rrdtool rrdcached rrdtool-dbg librrd4 librrd-dev librrds-perl 
librrdp-perl rrdtool-tcl python-rrdtool librrd-ruby librrd-ruby1.8 
librrd-ruby1.9.1 liblua5.1-rrd0 liblua5.1-rrd-dev
Architecture: source powerpc all
Version: 1.4.2-2
Distribution: unstable
Urgency: low
Maintainer: Debian RRDtool Team <rrdt...@ml.snow-crash.org>
Changed-By: Sebastian Harl <tok...@debian.org>
Description: 
 liblua5.1-rrd-dev - time-series data storage and display system (Lua 5.1 
development)
 liblua5.1-rrd0 - time-series data storage and display system (Lua 5.1 
interface)
 librrd-dev - time-series data storage and display system (development)
 librrd-ruby - time-series data storage and display system (Ruby interface)
 librrd-ruby1.8 - time-series data storage and display system (Ruby 1.8 
interface)
 librrd-ruby1.9.1 - time-series data storage and display system (Ruby 1.9.1 
interface
 librrd4    - time-series data storage and display system (runtime library)
 librrdp-perl - time-series data storage and display system (Perl interface, 
pipe
 librrds-perl - time-series data storage and display system (Perl interface, 
shar
 python-rrdtool - time-series data storage and display system (Python interface)
 rrdcached  - data caching daemon for RRDtool
 rrdtool    - time-series data storage and display system (programs)
 rrdtool-dbg - time-series data storage and display system (debugging symbols)
 rrdtool-tcl - time-series data storage and display system (Tcl interface)
Closes: 573299 573638
Changes: 
 rrdtool (1.4.2-2) unstable; urgency=low
 .
   * debian/patches:
     - Added bts573638-rrdcgi-segfault: upstream patch fixing a segfault in
       rrdcgi's printlasttime() (and possibly others); thanks to Robert Luberda
       for reporting this (Closes: #573638).
     - Added bts573299-rrdgraph-M: fix short option parsing in rrd_graph() --
       added support for '-M' as documented in the manpage; thanks to Ralf
       Hildebrandt for reporting this (Closes: #573299).
   * debian/control:
     - Updated Standards-Version to 3.8.4 -- no changes.
Checksums-Sha1: 
 d5d2bda6e8e5f166768ac4f895e5993dd7be5fe9 1800 rrdtool_1.4.2-2.dsc
 a7c4684686ae4bbad22b2c187c5d203f41cda1c6 25704 rrdtool_1.4.2-2.diff.gz
 16a97a2bf5675a7387dfc19b93720cc398bae9cf 454094 rrdtool_1.4.2-2_powerpc.deb
 300836a25e0542384bf6f85b05c92427ebfbf3c1 139470 rrdcached_1.4.2-2_powerpc.deb
 40335b71996cf2c22e772e213f1ea1e02399be91 619104 rrdtool-dbg_1.4.2-2_powerpc.deb
 604fbe5f7438da204b0a7ea6ab14da8dc306eb7f 337728 librrd4_1.4.2-2_powerpc.deb
 a99441ddf3a1a2d4ead791d27686ad8078ffd1bd 390198 librrd-dev_1.4.2-2_powerpc.deb
 d3fb574ba0d106de95749f61fcd218700df869d3 111544 
librrds-perl_1.4.2-2_powerpc.deb
 023ccff909f075968b71cc8d6c24adb62de169cc 100328 rrdtool-tcl_1.4.2-2_powerpc.deb
 8ab75d38a0c824170f099d2e97076360fc9a6f53 103070 
python-rrdtool_1.4.2-2_powerpc.deb
 a98a26ba0a55703957923a1cd2c36b00f5222115 99024 
librrd-ruby1.8_1.4.2-2_powerpc.deb
 df19d830fb4ea3eb5f811925122fe3c3939d3db1 99302 
librrd-ruby1.9.1_1.4.2-2_powerpc.deb
 cdb4ff844b3afd6d4c3f712844247024e737c744 98592 
liblua5.1-rrd0_1.4.2-2_powerpc.deb
 b8076a51eec45332a9f026e108367ff4b8296fcd 104062 
liblua5.1-rrd-dev_1.4.2-2_powerpc.deb
 0c7ea13d2fba871214bbc3afec28113d65feb1b2 99518 librrdp-perl_1.4.2-2_all.deb
 bd8e837941f3cfabee8dd88b0314ce34dab447c1 1002 librrd-ruby_1.4.2-2_all.deb
Checksums-Sha256: 
 8bc12a938a5669c3c9c95cd5facdfcb5c1814be92fa03220f3a1ab8c494c0dd1 1800 
rrdtool_1.4.2-2.dsc
 a8a31d4fda29915fb1a2c65118e9e5d7b65a63ee8a610e139f1d7cc7170e326e 25704 
rrdtool_1.4.2-2.diff.gz
 524fd16a2ff2e7a7e08099ce65b4efaa67441c96199081f2c9c4ddb88e2bc10e 454094 
rrdtool_1.4.2-2_powerpc.deb
 f6d6b680ecb34ba229dd4301585e0cf20459b86668889dc2a7e984b6159d4e28 139470 
rrdcached_1.4.2-2_powerpc.deb
 e748d58dd8a76399264c4fd25e7c73a59cabe12b69c8e10d3d53c095de86bc58 619104 
rrdtool-dbg_1.4.2-2_powerpc.deb
 51dcb5c0f3065ed648e1d79e25949bc021c03f1d7fe39a85602efce8428d7959 337728 
librrd4_1.4.2-2_powerpc.deb
 87e654378f75dcf65c75a1d050eba2f8c4427c731e9b653c2b37f97c2f0008c2 390198 
librrd-dev_1.4.2-2_powerpc.deb
 2d09b1532a6d7d8d97847b09b4cfa3588134d3f24c84fe69c74323046e52f024 111544 
librrds-perl_1.4.2-2_powerpc.deb
 b0cfcc7fb388c415b8c9e8ca1a11a6ac09fbab64b6045e88fde92038522d8e52 100328 
rrdtool-tcl_1.4.2-2_powerpc.deb
 030a3d91f5994ec3567f6f8471acae0b9cf677ca28f7fba1163161632259472b 103070 
python-rrdtool_1.4.2-2_powerpc.deb
 a85b9cffd350c14e2f25be7bf847206c8cbf883ecaffa48ae2c4129e7350883d 99024 
librrd-ruby1.8_1.4.2-2_powerpc.deb
 d9a10a701b7d9174a2d68820302e0496c1dc04d6dc5ba6bef84bfaac9da9e23a 99302 
librrd-ruby1.9.1_1.4.2-2_powerpc.deb
 380730702c8e2046ad598e97b71faad1bfcc330536df02c42c8a309d842c7517 98592 
liblua5.1-rrd0_1.4.2-2_powerpc.deb
 2b5e9f30fb9bcdc314efdd6676976ff22cf83cc0c8ace7043ce3862f86225771 104062 
liblua5.1-rrd-dev_1.4.2-2_powerpc.deb
 3be966b82c34eb6a12f15d020e9a3296c978a192c8e7029debedf299f39f987f 99518 
librrdp-perl_1.4.2-2_all.deb
 10ab098de85022eba4326098b90e4c0925f20d19fe005c24613d166ee56ee72e 1002 
librrd-ruby_1.4.2-2_all.deb
Files: 
 762081e318d2c33a6e5a26d8d9cec872 1800 utils optional rrdtool_1.4.2-2.dsc
 b73866cffb6e86d9d0f422bdda9a89ee 25704 utils optional rrdtool_1.4.2-2.diff.gz
 5b48503d10f98608cd1b7f4d92049f8e 454094 utils optional 
rrdtool_1.4.2-2_powerpc.deb
 af36afdc7b1e490cf45e51ecb9465806 139470 utils optional 
rrdcached_1.4.2-2_powerpc.deb
 01847afc03a99879748095e3394591fa 619104 debug extra 
rrdtool-dbg_1.4.2-2_powerpc.deb
 d9726e92a4aaf55f86ba55b3ffff252d 337728 libs optional 
librrd4_1.4.2-2_powerpc.deb
 f1996ed681e261e41607e44411c4324b 390198 libdevel optional 
librrd-dev_1.4.2-2_powerpc.deb
 739ce466f31d105deb8b447d67132571 111544 perl optional 
librrds-perl_1.4.2-2_powerpc.deb
 7103095bb73a0fdcf8405a0b8ccd5646 100328 utils optional 
rrdtool-tcl_1.4.2-2_powerpc.deb
 d2439a04405bc343c498cd5f6ab79431 103070 python optional 
python-rrdtool_1.4.2-2_powerpc.deb
 b10dccf8715a1e1b54d0c5bda3455d79 99024 ruby optional 
librrd-ruby1.8_1.4.2-2_powerpc.deb
 563aa78dbda1a73477ec6a91df099f28 99302 ruby optional 
librrd-ruby1.9.1_1.4.2-2_powerpc.deb
 5ac119aa95b2ebb3694fbe22dd0400a9 98592 interpreters optional 
liblua5.1-rrd0_1.4.2-2_powerpc.deb
 b7475cc3a357932e9e0e2b4b95b37ceb 104062 libdevel optional 
liblua5.1-rrd-dev_1.4.2-2_powerpc.deb
 90d5af8528dad278362e35c346a131a3 99518 perl optional 
librrdp-perl_1.4.2-2_all.deb
 295a930b0a8b1098c6223fdc46c7065c 1002 ruby optional librrd-ruby_1.4.2-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkumkskACgkQEFEKc4UBx/x5GgCffqDoaBaWi1O7D837PsKQ/wP6
uzkAn3sOyX0YyceT1YG5dZ1J2LVs5WlV
=PVqt
-----END PGP SIGNATURE-----

--- End Message ---

Bug#573638: marked as done (rrdtool: rrdcgi crashes at printlasttime())

Reply via email to