Bug 172598 - [RHEL4] tuxstat SIGSEGV
Summary: [RHEL4] tuxstat SIGSEGV
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Ingo Molnar
QA Contact: Brian Brock
Depends On:
Blocks: 168429
Reported: 2005-11-07 19:08 UTC by Linda Wang
Modified: 2007-11-30 22:07 UTC

Clone Of:
Last Closed: 2006-03-07 20:38:28 UTC


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:808 normal SHIPPED_LIVE Important: kernel security update 2005-10-27 04:00:00 UTC
Red Hat Product Errata RHSA-2006:0132 qe-ready SHIPPED_LIVE Moderate: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 3 2006-03-09 16:31:00 UTC

Description Linda Wang 2005-11-07 19:08:31 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050512 Red Hat/1.0.4-1.4.1 Firefox/1.0.4

Description of problem:
Just testing tux; tuxstat always crashes for me.

# gdb /usr/sbin/tuxstat
(gdb) run
Starting program: /usr/sbin/tuxstat
Program received signal SIGSEGV, Segmentation fault.
0x004ca1d7 in rawmemchr () from /lib/tls/libc.so.6
(gdb) where
#0  0x004ca1d7 in rawmemchr () from /lib/tls/libc.so.6
#1  0x085c9613 in ?? ()
#2  0x004be200 in _IO_str_init_static_internal () from /lib/tls/libc.so.6
#3  0x004b19e7 in vsscanf () from /lib/tls/libc.so.6
#4  0x004ac8ad in sscanf () from /lib/tls/libc.so.6
#5  0x080486a2 in main (argc=1, argv=0x85c9613) at tuxstat.c:79

sscanf(tmp, "%i\n%n", &objectname_len, &parsed_chars);

at which point tmp = buf + 61 and len = 61, i.e. the sscanf is reading
past the end of the read() data.

I'll attach my /proc/net/tux/stat.

Comment #1 From Joe Orton (jorton@redhat.com) on 2003-09-09 09:21 EST

Created an attachment (id=94324)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. run RHEL4 kernel
2. gdb the /usr/sbin/tuxstat

Actual Results:  sscanf(tmp, "%i\n%n", &objectname_len, &parsed_chars);

at which point tmp = buf + 61 and len = 61, i.e. the sscanf is reading
past the end of the read() data.

Expected Results:  not to read past the end of the buffer

Additional info:
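
The over-read described in this report, reduced to a self-contained C program; this is an added example, not part of the original bug report and not tuxstat's source. Only buf, tmp, len, objectname_len, parsed_chars and the "%i\n%n" format come from the report; the function names, the `want` record count and the sample data are assumptions constructed here.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (constructed, not tuxstat's source): never compares tmp with the data's end. */
int parse_unchecked(const char *buf, int want, int *out)
{
    const char *tmp = buf;
    int n = 0, objectname_len, parsed_chars = 0;
    while (n < want && sscanf(tmp, "%i\n%n", &objectname_len, &parsed_chars) == 1) {
        out[n++] = objectname_len;
        tmp += parsed_chars;            /* may now equal or pass buf + len */
    }
    return n;
}

/* Hardened: terminate the read() data and stop once tmp reaches its end. */
int parse_bounded(char *buf, size_t len, size_t cap, int want, int *out)
{
    if (len >= cap) return -1;          /* no room for the terminator */
    buf[len] = '\0';                    /* read() does not NUL-terminate */
    const char *tmp = buf, *end = buf + len;
    int n = 0, objectname_len, parsed_chars;
    while (n < want && tmp < end) {
        parsed_chars = 0;
        if (sscanf(tmp, "%i\n%n", &objectname_len, &parsed_chars) != 1 || parsed_chars <= 0)
            break;
        out[n++] = objectname_len;
        tmp += parsed_chars;
    }
    return n;
}

/* Constructed input: 8 bytes of "read()" data followed by stale digits. */
int demo(int bounded, int *out)
{
    char buf[16];
    memset(buf, '7', sizeof buf - 1);   /* stale bytes left in the buffer */
    buf[sizeof buf - 1] = '\0';         /* keeps the unsafe run well-defined */
    memcpy(buf, "12\n345\n6", 8);       /* len = 8 */
    return bounded ? parse_bounded(buf, 8, sizeof buf, 4, out)
                   : parse_unchecked(buf, 4, out);
}

int main(void)
{
    int out[4], a = demo(0, out), last = out[a - 1], b = demo(1, out);
    printf("unchecked: %d, last %d; bounded: %d, last %d\n", a, last, b, out[b - 1]);
    return 0;
}
```

In the unchecked run the last record absorbs the stale bytes that follow the data; in the reported crash there was no terminator within mapped memory, so the search for one faulted inside libc.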

Comment 4 Red Hat Bugzilla 2006-03-07 20:38:28 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

