Red Hat Bugzilla – Bug 231856
lsraid segfaults reading /proc/partitions
Last modified: 2007-11-16 20:14:46 EST
Description of problem: The current raidtools hard codes a fixed line length of 100 chars that is used throughout the package when reading line-oriented data into a buffer (e.g. config files, /proc/mdstat, /proc/partitions etc.): raidtools-1.00.3/common.h: #define MAX_LINE_LENGTH (100) On systems with very large disks, the extended stats format in 2.4's /proc/partitions can easily exceed this size. Unfortunately, lsraid also lacks any error checking in the proc parsing code so we wind up with an uninitialised array member for these partitions & subsequent segfault: #0 0x0804a2a6 in load_partitions (ctxt=0x8a9a008) at lsraid.c:1061 #1 0x0804c0fd in main (argc=3, argv=0xbfff9af4) at lsraid.c:2633 Version-Release number of selected component (if applicable): 1.00.3 How reproducible: 100% on certain systems. The requirement is that any line in /proc/partitions exceeds 99 characters. Steps to Reproduce: 1. Check line lengths in /proc/partitions 2. Run "lsraid -R -p" Actual results: lsraid dies with a segfault Expected results: lsraid correctly outputs raidtab formatted data
Created attachment 149837 [details] Increase maximum line length to 256
I've built a new set of packages through brew that resolve this issue. Package version is 1.00.3-9.EL3. As soon as management approves this for the 3.9 release, I'll file an errata. In the meantime, this package can be used for a hotfix.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0451.html