Created attachment 320254
Attachment to include the function declaration and relevant header.

Description of problem:
Looks like log.h wasn't included as a header, so the compiler assumed the return type was int. When it returned a char, (smaller than int on 64 bit) the address that was pointed to was wrong, vsnprintf crashes due to accessing invalid memory.

(gdb) bt
#0  0x00002ad6fc9172b0 in strlen () from /lib64/libc.so.6
#1  0x00002ad6fc8e5729 in _IO_vfprintf_internal (s=0x7fffaf3b8f60, format=<value optimized out>, ap=0x7fffaf3b90e0) at vfprintf.c:1587
#2  0x00002ad6fc983b58 in ___vsnprintf_chk (s=0x7fffaf3b9100 "", maxlen=<value optimized out>, flags=1, slen=<value optimized out>, format=0x2ad6fb711a93 "%-10s : none%s", args=0x7fffaf3b90e0) at vsnprintf_chk.c:65
#3  0x00002ad6fbd57da6 in vty_out (vty=0x2ad6fe5dcb00, format=0x2ad6fb711a93 "%-10s : none%s") at vty.c:109
#4  0x00002ad6fb704002 in show_ip_protocol (self=<value optimized out>, vty=0x2ad6fe5dcb00, argc=<value optimized out>, argv=<value optimized out>) at zebra_vty.c:1990
#5  0x00002ad6fbd5ea36 in cmd_execute_command_real (vline=0x2ad6fe5dc6b0, vty=0x2ad6fe5dcb00, cmd=0x0) at command.c:2090
#6  0x00002ad6fbd5eb46 in cmd_execute_command (vline=0x2ad6fe5dc6b0, vty=0x2ad6fe5dcb00, cmd=0x0, vtysh=0) at command.c:2125
#7  0x00002ad6fbd585c8 in vty_command (vty=0x2ad6fe5dcb00, buf=<value optimized out>) at vty.c:364
#8  0x00002ad6fbd59550 in vty_execute (vty=0xfbd86502) at vty.c:1206
#9  0x00002ad6fbd5a02d in vty_read (thread=<value optimized out>) at vty.c:1419
#10 0x00002ad6fbd6316f in thread_call (thread=0x7fffaf3b9bf0) at thread.c:855
#11 0x00002ad6fb6f8f6d in main (argc=6, argv=0x7fffaf3b9de8) at main.c:381

Hello, this is Quagga (version 0.98.6).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

User Access Verification

Password:
Router>
Router> show ip protocol
Connection closed by foreign host.

Version-Release number of selected component (if applicable):
quagga-0.98.6-5.el5.src.rpm

How reproducible:
Every time

Actual results:
Segfault.

Expected results:
Router> show ip protocol
Protocol   : route-map
------------------------
system     : none
kernel     : none
connected  : none
static     : none
rip        : none
ripng      : none
ospf       : none
ospf6      : none
isis       : none
bgp        : none
hsls       : none
any        : none

Additional info:
Patch attached.
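The failure described in this report, as an added example (not code from the report or from Quagga): a caller that sees no prototype treats the return value as int, so on x86-64 only the low 32 bits of the returned pointer are kept and then sign-extended. The helper names and the two addresses marked constructed are assumptions; the sign extension models GCC's int-to-pointer conversion.

```c
#include <stdint.h>
#include <stdio.h>

/* What a caller does with a 64-bit pointer returned by a function it
 * believes returns int (implicit declaration, x86-64, GCC behaviour):
 * keep the low 32 bits of the return register, then sign-extend them
 * when the int is converted back to a pointer. */
uint64_t through_implicit_int(uint64_t real_ptr)
{
    uint64_t low = real_ptr & 0xffffffffULL;
    if (low & 0x80000000ULL)            /* int is negative: sign-extend */
        low |= 0xffffffff00000000ULL;
    return low;
}

/* 1 if the pointer value survives the round trip, 0 if it is corrupted. */
int survives(uint64_t real_ptr)
{
    return through_implicit_int(real_ptr) == real_ptr;
}

int main(void)
{
    /* 0x2ad6fb711a93 is the format-string address from frame #3 of the
     * backtrace, used only as a sample of a high mapping; the other two
     * values are constructed for this example. */
    const uint64_t samples[] = {
        0x0000000000400a10ULL,  /* constructed: low address, fits in int */
        0x00002ad6fb711a93ULL,  /* high address, bit 31 set */
        0x00002ad61b711a93ULL,  /* constructed: high address, bit 31 clear */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%#018llx -> %#018llx %s\n",
               (unsigned long long)samples[i],
               (unsigned long long)through_implicit_int(samples[i]),
               survives(samples[i]) ? "intact" : "corrupted");
    return 0;
}
```

Only the low address survives, which is why this class of bug can stay hidden on 32-bit builds or when the returned data sits below 2 GiB. Building with GCC's -Werror=implicit-function-declaration turns the missing prototype into a compile failure instead of a runtime crash.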
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".
Proposing again for 5.5.
*** This bug has been marked as a duplicate of bug 528583 ***