I tried running Nagios 3.0.3 on a recent OpenBSD snapshot and (apart from
the gd problems due to a lack of libttf) hit on the problem that nagios
segfaults in mmap_fgets_multiline. Not on every run, but if it segfaults,
it always segfaults at the same place in the code.
It looks related to
http://archive.netbsd.se/?ml=nagios-users&a=2008-05&t=7383489
-------------- snip --------------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to process 11262, thread 0x81cf3000]
0x1c03c42d in mmap_fgets_multiline (temp_mmapfile=0x8318aca0) at utils.c:3486
3486 else if(buf[end]=='\\')
(gdb) l
3481 buf[end+1]='\x0';
3482 break;
3483 }
3484
3485 /* one backslash found, so we should continue reading
the next line */
3486 else if(buf[end]=='\\')
3487 buf[end]='\x0';
3488
3489 /* else no continuation marker was found, so break */
3490 else
(gdb) print end
$1 = -1
(gdb) print buf
$2 = 0x7ce6a000 "\n"
(gdb) bt
#0 0x1c03c42d in mmap_fgets_multiline (temp_mmapfile=0x8318aca0) at
utils.c:3486
#1 0x1c018757 in read_main_config_file (main_config_file=0x7cecc000
"/usr/local/nagios/etc/nagios.cfg") at config.c:281
#2 0x1c00e0b2 in main (argc=3, argv=0xcfbda84c) at nagios.c:475
(gdb)
It ssem to happen in different places in the input file, though:
(gdb) print *temp_mmapfile
$2 = {path = 0x80319600 "/usr/local/nagios/etc/nagios.cfg", mode = 0, fd = 8,
file_size = 42546, current_position = 8259, current_line = 244, mmap_buf =
0x7e4a2000}
$4 = {path = 0x80c68600 "/usr/local/nagios/etc/nagios.cfg", mode = 0, fd = 8,
file_size = 42546, current_position = 8710, current_line = 258, mmap_buf =
0x8af0c000}
$6 = {path = 0x7fd22340 "/usr/local/nagios/etc/nagios.cfg", mode = 0, fd = 8,
file_size = 42546, current_position = 6989, current_line = 211, mmap_buf =
0x883aa000}
$8 = {path = 0x7cb245c0 "/usr/local/nagios/etc/nagios.cfg", mode = 0, fd = 8,
file_size = 42546, current_position = 12151, current_line = 375, mmap_buf =
0x83b74000}
$9 = {path = 0x80fdd480 "/usr/local/nagios/etc/nagios.cfg", mode = 0, fd = 8,
file_size = 42546, current_position = 7212, current_line = 221, mmap_buf =
0x7c66f000}
Sometimes it even seems to get confused over the real end of the config files:
| LEN: 37, END: 35, BUF=# "TRUE" REGULAR EXPRESSION MATCHING
| BUFNOW: # "TRUE" REGULAR EXPRESSION MATCHING
| LEN: 65, END: 63, BUF=# This option controls whether or not
| Total Warnings: 0
| Total Errors: 0
|
| Things look okay - No serious problems were detected during the pre-flight
check
or
| LEN: 71, END: 69, BUF=# This directive is used to specify an event broker
module that should
| BUFNOW: # This directive is used to specify an event broker module that should
| LEN: 71, END: 69, BUF=# by loaded by Nagios at start
| Total Warnings: 0
| Total Errors: 0
|
| Things look okay - No serious problems were detected during the pre-flight
check
I think these lines make end negative if buf contains just an end of line:
3465 /* handle Windows/DOS CR/LF */
3466 if(len>=2 && buf[len-2]=='\r')
3467 end=len-3;
3468 /* normal Unix LF */
3469 else if(len>=1 && buf[len-1]=='\n')
3470 end=len-2;
3471 else
3472 end=len-1;
But apart from that I am completely confused, as I can see no source of
non-determinism in
the code. Maybe it is address randomization: sometimes buf is allocated at the
beginning
of a page, so buf[-1] segfaults, and sometimes not, so that the erroneous code
continues
to run, yielding undefined behaviour.
Memtest86+ shows nothing suspicious on the machine, so there seems to be no
involuntary
hardware RNG involved.
- Florian.
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting
any issue.
::: Messages without supporting info will risk being sent to /dev/null
