Bug 247864 - nvram sysfs attribute violates read() semantics
Summary: nvram sysfs attribute violates read() semantics
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Bryn M. Reeves
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2007-07-11 19:18 UTC by Bryn M. Reeves
Modified: 2014-06-09 11:09 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-02 13:18:40 UTC
Target Upstream Version:
Embargoed:



Description Bryn M. Reeves 2007-07-11 19:18:44 UTC
Description of problem:
Current development version of udevinfo seems to have a stack buffer overflow:

# udevinfo -ap /block/sdb &> udevinfo.out
*** stack smashing detected ***: udevinfo terminated
Aborted (core dumped)


Version-Release number of selected component (if applicable):
udev-095-14.9.el5

How reproducible:
100% on this system

Steps to Reproduce:
1. Run "udevinfo -ap" on an entry in /sys/block, e.g.:
# udevinfo -ap /block/sdb
  
Actual results:


Expected results:
*** stack smashing detected ***: udevinfo terminated
Aborted (core dumped)

Additional info:
Always seems to die at:

  looking at parent device '/devices/pci0000:00/0000:00:02.0/0000:05:00.3/0000:0a:01.0/host1':
    ID=="host1"
    BUS==""
    DRIVER==""
    SYSFS{optrom}==""

Comment 1 Bryn M. Reeves 2007-07-11 19:22:55 UTC
#0  0x00002aaaab154045 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00002aaaab154045 in raise () from /lib64/libc.so.6
#1  0x00002aaaab155ae0 in abort () from /lib64/libc.so.6
#2  0x00002aaaab18c1bb in __libc_message () from /lib64/libc.so.6
#3  0x00002aaaab2071df in __stack_chk_fail () from /lib64/libc.so.6
#4  0x0000555555558f12 in sysfs_attr_get_value (
    devpath=0x8 <Address 0x8 out of bounds>, attr_name=0x55556e446140 "�_DnUU")
    at udev_sysfs.c:399
#5  0x0000000000000000 in ?? ()


Comment 2 Bryn M. Reeves 2007-07-11 20:13:12 UTC
Sorry Harald - this is the kernel's doing, not udev:

open("/sys/devices/pci0000:00/0000:00:02.0/0000:05:00.3/0000:0a:01.0/host1/nvram", O_RDONLY) = 8
read(8, "ISP \1\0\1\0\6\244\0\10\0\1\0\1\10\1!\0\0\340\213\217#"..., 128) = 256
close(8)                                = 0
open("/dev/tty", O_RDWR|O_NOCTTY|O_NONBLOCK) = 8


Comment 3 Bryn M. Reeves 2007-07-11 20:14:56 UTC
Attempting to read 128 bytes from this attribute:

/sys/devices/pci0000:00/0000:00:02.0/0000:05:00.3/0000:0a:01.0/host1/nvram

Actually reads 256 bytes into the buffer in userspace. Oops:

open("/sys/devices/pci0000:00/0000:00:02.0/0000:05:00.3/0000:0a:01.0/host1/nvram", O_RDONLY) = 8
read(8, "ISP \1\0\1\0\6\244\0\10\0\1\0\1\10\1!\0\0\340\213\217#"..., 128) = 256
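
Added example, not part of the original report or its comments: a small Python scanner for strace output that maps file descriptors to paths and flags any read() whose return value exceeds the requested count, which is the violation visible in the traces in comments 2 and 3. The sample trace joins the wrapped line from the report and appends one constructed well-behaved read; the function, constant and regex names are illustrative.

```python
import re

# Optional "[pid N] " or "N " prefix, as printed by strace -f.
PREFIX = r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'
OPEN_RE = re.compile(PREFIX + r'open(?:at)?\((?:AT_FDCWD, )?"([^"]*)".*\)\s+= (\d+)$')
CLOSE_RE = re.compile(PREFIX + r'close\((\d+)\)\s+= 0$')
# The count is the last argument of read() and the second-to-last of pread64().
READ_RE = re.compile(PREFIX + r'(read|pread64)\((\d+), .*?, (\d+)(?:, \d+)?\)\s+= (\d+)$')

NVRAM = "/sys/devices/pci0000:00/0000:00:02.0/0000:05:00.3/0000:0a:01.0/host1/nvram"
# First four lines: the trace from the report with its wrapped line joined.
# Last line: constructed here to show a well-behaved read on the reused fd.
SAMPLE_TRACE = [
    'open("' + NVRAM + '", O_RDONLY) = 8',
    r'read(8, "ISP \1\0\1\0\6\244\0\10\0\1\0\1\10\1!\0\0\340\213\217#"..., 128) = 256',
    'close(8)                                = 0',
    'open("/dev/tty", O_RDWR|O_NOCTTY|O_NONBLOCK) = 8',
    r'read(8, "y\n", 128) = 2',
]


def find_overlong_reads(lines):
    """Return (path, requested, returned) for each read that returned more than requested."""
    fd_path = {}  # fd -> path; one fd table, so feed it a single-process trace
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := OPEN_RE.match(line):
            fd_path[int(m.group(2))] = m.group(1)
        elif m := CLOSE_RE.match(line):
            fd_path.pop(int(m.group(1)), None)
        elif m := READ_RE.match(line):
            fd, count, ret = (int(m.group(i)) for i in (2, 3, 4))
            if ret > count:  # read(2) must never return more than count
                findings.append((fd_path.get(fd, f"fd {fd}"), count, ret))
    return findings


if __name__ == "__main__":
    for path, count, ret in find_overlong_reads(SAMPLE_TRACE):
        print(f"{path}: asked for {count} bytes, read() returned {ret}")
```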


Comment 4 Bryn M. Reeves 2007-07-11 20:15:32 UTC
Seeing this on 2.6.18-32.el5 x86_64

Comment 5 Bryn M. Reeves 2007-07-11 20:34:03 UTC
Bug still upstream:

commit 459c537807bd72cce7b007fb218bb5a658a6c3c1
Author: Andrew Vasquez <andrew.vasquez>
Date:   Wed Jul 6 10:31:07 2005 -0700

    [SCSI] qla2xxx: Add ISP24xx flash-manipulation routines.
    
    Add ISP24xx flash-manipulation routines.
    
    Add read/write flash manipulation routines for the ISP24xx.
    Update sysfs NVRAM objects to use generalized accessor
    functions.
    
    Signed-off-by: Andrew Vasquez <andrew.vasquez>
    Signed-off-by: James Bottomley <James.Bottomley>



Comment 7 Harald Hoyer 2007-07-13 10:04:37 UTC
then reassign to kernel

Comment 8 Bryn M. Reeves 2007-07-17 15:12:14 UTC
weird - I had, but for some reason bugzilla decided to ignore that

Comment 10 RHEL Program Management 2014-03-07 13:44:16 UTC
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.

Comment 11 RHEL Program Management 2014-06-02 13:18:40 UTC
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).

