Occasional crash with large amounts of data #38

Closed
jccleaver opened this Issue · 2 comments

Japheth "J.C." Cleaver

I'm still trying to isolate a reproducible case, as this is being sent directly from our monitoring system (which varies with each run), but the following crash occurred on a heavily loaded RHEL6 system.

*** buffer overflow detected ***: /usr/sbin/fping terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f17cd7d7d47]
/lib64/libc.so.6(+0xffc30)[0x7f17cd7d5c30]
/lib64/libc.so.6(+0xff089)[0x7f17cd7d5089]
/lib64/libc.so.6(_IO_default_xsputn+0xc9)[0x7f17cd74a0e9]
/lib64/libc.so.6(_IO_vfprintf+0x101a)[0x7f17cd71b27a]
/lib64/libc.so.6(__vsprintf_chk+0x9d)[0x7f17cd7d512d]
/lib64/libc.so.6(__sprintf_chk+0x7f)[0x7f17cd7d506f]
/usr/sbin/fping[0x401a95]
/usr/sbin/fping[0x4034dd]
/usr/sbin/fping[0x4035d7]
/usr/sbin/fping[0x40450e]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7f17cd6f4cdd]
/usr/sbin/fping[0x401379]
Aborted

Compiled with: gcc -DHAVE_CONFIG_H -I. -I.. -DENABLE_F_OPTION -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -MT fping.o -MD -MP -MF .deps/fping.Tpo -c -o fping.o fping.c

Japheth "J.C." Cleaver

This seems to be an issue with the buffer size in the sprint_tm function (the only sprintf area that seems to apply). Not certain what the minimum actual size needed for this is, but bumping it up on my x86_64 box fixed the issue.

--- src/fping.c.buf 2012-09-04 00:27:51.000000000 -0700
+++ src/fping.c 2013-04-16 18:58:52.085278646 -0700
@@ -2532,7 +2532,7 @@
 
 char * sprint_tm( int t )
 {
-    static char buf[10];
+    static char buf[34];
 
     /* 
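Review bot: `static char buf[34];` swaps one unexplained constant for another, and the accompanying comment says the minimum size is not known, so nothing in this hunk shows that 34 bytes covers every value of `int t`. Derive the size from the widest string the function can produce for an `int`, record that derivation in a comment next to the declaration, and change the writes into `buf` (the `__sprintf_chk` frame in the backtrace) to `snprintf(buf, sizeof(buf), ...)` so that a miscalculated size truncates the output instead of overrunning the buffer.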
David Schweikert
Owner

Fixed in fping 3.5

David Schweikert schweikert closed this
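The sizing question raised in the thread ("not certain what the minimum actual size needed for this is") can be answered by measurement rather than by guessing. The following is an added example, not fping's code: it assumes a hypothetical format `"%d.%02d"` for a time in hundredths of a millisecond, and the names `tm_needed`, `tm_format` and `tm_worst_case` are illustrative.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Assumed format (not taken from fping): t is in 1/100 ms, shown as "<ms>.<hh>". */
#define TM_FMT "%d.%02d"

/* Bytes needed to format t, including the NUL terminator.
 * snprintf with a NULL buffer and size 0 only counts, it writes nothing. */
static int tm_needed(int t)
{
    return snprintf(NULL, 0, TM_FMT, t / 100, t % 100) + 1;
}

/* Bounded formatter: returns 0 on success, -1 if dst is too small.
 * On -1 dst holds a truncated, NUL-terminated string and is never overrun. */
static int tm_format(char *dst, size_t cap, int t)
{
    int n = snprintf(dst, cap, TM_FMT, t / 100, t % 100);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Worst case over the extreme int values; negative input is the widest
 * because both the quotient and the remainder carry a minus sign. */
static int tm_worst_case(void)
{
    int hi = tm_needed(INT_MAX);
    int lo = tm_needed(INT_MIN);
    return hi > lo ? hi : lo;
}

int main(void)
{
    char small[10];                 /* the size before the patch */
    int samples[] = { 99999999, 100000000, INT_MAX, INT_MIN };  /* constructed inputs */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = tm_format(small, sizeof small, samples[i]);
        printf("t=%d needs %d bytes, 10-byte buffer: %s (\"%s\")\n",
               samples[i], tm_needed(samples[i]),
               rc == 0 ? "fits" : "truncated", small);
    }
    printf("worst case for any int: %d bytes\n", tm_worst_case());
    return 0;
}
```

With an unbounded `sprintf`, the inputs reported as truncated here are the ones that would trip `_FORTIFY_SOURCE` as in the backtrace above.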