[Xymon] buffer overflow detected in xymongen (4.3.21)

Axel Beckert beckert at phys.ethz.ch
Fri Oct 2 13:32:51 CEST 2015


Hi,

On Tue, Sep 29, 2015 at 10:40:32AM -0700, Japheth Cleaver wrote:
> Would you be able to do a full BT on one of those core dumps?

Today it finally crashed again after I deployed the debug
packages. (It's seldom that I'm so happy to see a core dump. ;-)

Here's the most recent backtrace:

Reading symbols from /usr/lib/xymon/server/bin/xymongen...done.
Reading symbols from /usr/lib/debug/.build-id/c8/bc967d123c1a308a9973d19da8c2357af16a6d.debug...done.
[New LWP 154856]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `xymongen --recentgifs --subpagecolumns=2 --wml --rss --nongreen-ignorecolumns=l'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f29044aa107 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007f29044aa107 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007f29044ab4e8 in __GI_abort () at abort.c:89
#2  0x00007f29044e8204 in __libc_message (do_abort=do_abort at entry=2, fmt=fmt at entry=0x7f29045d8a2b "*** %s ***: %s terminated\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007f290456b4c7 in __GI___fortify_fail (msg=msg at entry=0x7f29045d89c2 "buffer overflow detected") at fortify_fail.c:31
#4  0x00007f29045696e0 in __GI___chk_fail () at chk_fail.c:28
#5  0x000000000040d526 in strcpy (__src=<optimized out>, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string3.h:104
#6  generate_wml_statuscard (host=<optimized out>, entry=<optimized out>) at wmlgen.c:150
#7  do_wml_cards (webdir=0x7f29045d0200 <_itoa_lower_digits> "0123456789abcdefghijklmnopqrstuvwxyz") at wmlgen.c:296
#8  0x0000000000403b72 in main (argc=4404274, argv=0x25ce8) at xymongen.c:678
(gdb) 

And here's the oldest one:

Reading symbols from /usr/lib/xymon/server/bin/xymongen...done.
Reading symbols from /usr/lib/debug/.build-id/c8/bc967d123c1a308a9973d19da8c2357af16a6d.debug...done.
[New LWP 122254]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `xymongen --recentgifs --subpagecolumns=2 --wml --rss --nongreen-ignorecolumns=l'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f12adf18107 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007f12adf18107 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007f12adf194e8 in __GI_abort () at abort.c:89
#2  0x00007f12adf56204 in __libc_message (do_abort=do_abort at entry=2, fmt=fmt at entry=0x7f12ae046a2b "*** %s ***: %s terminated\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007f12adfd94c7 in __GI___fortify_fail (msg=msg at entry=0x7f12ae0469c2 "buffer overflow detected") at fortify_fail.c:31
#4  0x00007f12adfd76e0 in __GI___chk_fail () at chk_fail.c:28
#5  0x000000000040d526 in strcpy (__src=<optimized out>, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string3.h:104
#6  generate_wml_statuscard (host=<optimized out>, entry=<optimized out>) at wmlgen.c:150
#7  do_wml_cards (webdir=0x7f12ae03e200 <_itoa_lower_digits> "0123456789abcdefghijklmnopqrstuvwxyz") at wmlgen.c:296
#8  0x0000000000403b72 in main (argc=4404274, argv=0x1dd8e) at xymongen.c:678
(gdb) 

They look more or less identical to me.

It's indeed in the WML generation code, should be this line here:
https://sources.debian.net/src/xymon/4.3.21-1/xymongen/wmlgen.c/#L150

HTH

		Kind regards, Axel Beckert
-- 
Axel Beckert <beckert at phys.ethz.ch>       support: +41 44 633 26 68
IT Services Group, HPT H 6                  voice: +41 44 633 41 89
Departement of Physics, ETH Zurich
CH-8093 Zurich, Switzerland		   http://nic.phys.ethz.ch/



More information about the Xymon mailing list