Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 172598 - [RHEL4] tuxstat SIGSEGV
[RHEL4] tuxstat SIGSEGV
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ingo Molnar
Brian Brock
Depends On:
Blocks: 168429
  Show dependency treegraph
Reported: 2005-11-07 14:08 EST by Linda Wang
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2006-0132
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-03-07 15:38:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:808 normal SHIPPED_LIVE Important: kernel security update 2005-10-27 00:00:00 EDT
Red Hat Product Errata RHSA-2006:0132 qe-ready SHIPPED_LIVE Moderate: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 3 2006-03-09 11:31:00 EST

  None (edit)
Description Linda Wang 2005-11-07 14:08:31 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050512 Red Hat/1.0.4-1.4.1 Firefox/1.0.4

Description of problem:
Just testing tux; tuxstat always crashes for me.

# gdb /usr/sbin/tuxstat
(gdb) run
Starting program: /usr/sbin/tuxstat
Program received signal SIGSEGV, Segmentation fault.
0x004ca1d7 in rawmemchr () from /lib/tls/libc.so.6
(gdb) where
#0  0x004ca1d7 in rawmemchr () from /lib/tls/libc.so.6
#1  0x085c9613 in ?? ()
#2  0x004be200 in _IO_str_init_static_internal () from /lib/tls/libc.so.6
#3  0x004b19e7 in vsscanf () from /lib/tls/libc.so.6
#4  0x004ac8ad in sscanf () from /lib/tls/libc.so.6
#5  0x080486a2 in main (argc=1, argv=0x85c9613) at tuxstat.c:79

sscanf(tmp, "%i\n%n", &objectname_len, &parsed_chars);

at which point tmp = buf + 61 and len = 61 i.e. the sscanf is reading
past the end of the read() dat.

I'll attach my /proc/net/tux/stat.

Comment #1 From Joe Orton (jorton@redhat.com) 	on 2003-09-09 09:21 EST 	[reply] 	Private

Created an attachment (id=94324) [edit]

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.run RHEL4 kernel
2.gdb the /usr/sbin/tuxstat

Actual Results:  sscanf(tmp, "%i\n%n", &objectname_len, &parsed_chars);

at which point tmp = buf + 61 and len = 61 i.e. the sscanf is reading
past the end of the read() dat.

Expected Results:  not to read pass the end of the buffer

Additional info:
Comment 4 Red Hat Bugzilla 2006-03-07 15:38:28 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.