Bug 59760 - Reading systemStats table segfaults snmpd
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: ucd-snmp
Version: 7.2
Hardware: i386 Linux
Priority: medium, Severity: high
Assigned To: Phil Knirsch
Brock Organ
Reported: 2002-02-12 15:42 EST by Hrunting Johnson
Modified: 2015-03-04 20:10 EST
Doc Type: Bug Fix
Last Closed: 2002-04-09 08:45:26 EDT

Description Hrunting Johnson 2002-02-12 15:42:27 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461)

Description of problem:
I have an 8-way Compaq Proliant 8500 server.  When trying to fetch the 
systemStats snmp table with snmpwalk, snmpd segfaults.  No core file is left on 
the system to backtrace.  Other tables work fine.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Start snmpd
2. MIBS=ALL snmpwalk <ip> <community> systemStats
3. Wait
	

Actual Results:  The snmpwalk times out.  The snmpd server has segfaulted.

Expected Results:  The systemStats table should return its information and 
snmpd should still be running afterwards.

Additional info:

This is happening both with the ucd-snmp-4.2.1-7 package from RH7.2 updates and 
the ucd-snmp-4.2.3-5 package from rawhide.  I have the 4.2.1-7 package running 
on another two-way box just fine (querying the same table works).  Here's an 
strace from the snmpd process when the query is performed:

select(6, [4 5], [], [], NULL)          = 1 (in [5])
recvfrom(5, "0*\2\1\0\4\7j0ll13s\241\34\2\4h\272.\374\2\1\0\2\1\000"..., 8192, 0, {sin_family=AF_INET, sin_port=htons(32943), sin_addr=inet_addr("216.166.60.74")}}, [16]) = 44
sendto(5, "0-\2\1\0\4\7j0ll13s\242\37\2\4h\272.\374\2\1\0\2\1\000"..., 47, 0, {sin_family=AF_INET, sin_port=htons(32943), sin_addr=inet_addr("216.166.60.74")}}, 16) = 47
gettimeofday({1013545003, 633208}, NULL) = 0
select(6, [4 5], [], [], NULL)          = 1 (in [5])
recvfrom(5, "0,\2\1\0\4\7j0ll13s\241\36\2\4h\272.\375\2\1\0\2\1\000"..., 8192, 0, {sin_family=AF_INET, sin_port=htons(32943), sin_addr=inet_addr("216.166.60.74")}}, [16]) = 46
sendto(5, "07\2\1\0\4\7j0ll13s\242)\2\4h\272.\375\2\1\0\2\1\0000\033"..., 57, 0, {sin_family=AF_INET, sin_port=htons(32943), sin_addr=inet_addr("216.166.60.74")}}, 16) = 57
gettimeofday({1013545003, 634503}, NULL) = 0
select(6, [4 5], [], [], NULL)          = 1 (in [5])
recvfrom(5, "0,\2\1\0\4\7j0ll13s\241\36\2\4h\272.\376\2\1\0\2\1\000"..., 8192, 0, {sin_family=AF_INET, sin_port=htons(32943), sin_addr=inet_addr("216.166.60.74")}}, [16]) = 46
open("/proc/stat", O_RDONLY)            = 7
read(7, "cpu  56703 73 201398 86198962\ncp"..., 1023) = 1023
close(7)                                = 0
--- SIGSEGV (Segmentation fault) ---

Again, no core file is left to backtrace.
Comment 1 Hrunting Johnson 2002-02-12 16:11:50 EST
It looks like the reason it faults is because it doesn't read enough 
information from /proc/stat.  Here's a quick fix patch which at least works for 
me (my /proc/stat is about 2200 bytes in size, and I don't think anyone is 
going to go over 4096 bytes), but I think a better fix is to make sure to read 
enough information from /proc/stat to have all the data you need by iterating 
until everything needed is either found or the entire file is read (in this 
case, the ctxt information wasn't read because it fell outside of the default 
1024 byte range).

diff -u follows


--- ucd-snmp-4.2.3/agent/mibgroup/ucd-snmp/vmstat.c.orig        Tue Feb 12 
15:07:45 2002
+++ ucd-snmp-4.2.3/agent/mibgroup/ucd-snmp/vmstat.c     Tue Feb 12 14:57:24 2002
@@ -146,7 +146,7 @@
 
 
 #define VMSTAT_FILE "/proc/stat"
-#define BUFFSIZE 1024
+#define BUFFSIZE 4096
 static char buff[BUFFSIZE];
 
 void getstat(unsigned long *cuse, unsigned long *cice, unsigned long *csys,
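
Review bot: The BUFFSIZE change from 1024 to 4096 keeps buff a fixed-size static array, so a /proc/stat larger than 4096 bytes would be truncated exactly as before; the accompanying comment already puts this machine's file at about 2200 bytes. Suggest reading until EOF into a buffer that grows with the file, and having getstat() treat a field it cannot find in buff as an error rather than assuming it is present, since nothing in these lines guards that case.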

Comment 2 Phil Knirsch 2002-02-24 12:57:07 EST
Sounds as if your /proc/stat is quite large ;-)

Anyway, it sounds very reasonable to me to increase this buffer or even to make
it dynamic. It will be fixed in the next rawhide version.

Read ya, Phil
Comment 3 Phil Knirsch 2002-04-09 08:45:20 EDT
The update to 4.2.4 should fix this problem as the code has been rewritten and
no static buffers are used anymore.

If you could give the latest rawhide version a try and report if it fixes the problem
you see I'd greatly appreciate it.

Thanks,

Read ya, Phil
Comment 4 Phil Knirsch 2002-07-25 08:32:47 EDT
No news is good news, so I assume that the update fixed the problem. :-)

If not, feel free to reopen the bug.

Read ya, Phil
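
The failure described in Comment 1 (the ctxt line lying beyond the first 1023 bytes read) and the dynamic-buffer approach mentioned in Comment 2, as an added C example; it is not ucd-snmp code and not the 4.2.4 rewrite. read_all, find_field and make_sample are hypothetical names, and the /proc/stat-like text is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read a whole stream into a NUL-terminated heap buffer that doubles as needed. */
static char *read_all(FILE *fp) {
    size_t cap = 1024, len = 0, n;
    char *buf = malloc(cap), *p;
    while (buf && (n = fread(buf + len, 1, cap - len - 1, fp)) > 0) {
        if ((len += n) + 1 < cap) continue;   /* room left: just keep reading */
        if ((p = realloc(buf, cap *= 2)) == NULL) free(buf);
        buf = p;                              /* NULL here ends the loop */
    }
    if (buf) buf[len] = '\0';
    return buf;
}

/* Parse "<key> <number>" at a line start. Returns 0, or -1 if the key is absent. */
static int find_field(const char *text, const char *key, unsigned long *out) {
    size_t klen = strlen(key);
    for (const char *line = text; line && *line; ) {
        if (strncmp(line, key, klen) == 0 && line[klen] == ' ')
            return sscanf(line + klen, "%lu", out) == 1 ? 0 : -1;
        if ((line = strchr(line, '\n')) != NULL) line++;
    }
    return -1;
}

/* Constructed sample: a long intr line pushes ctxt past byte 1023 (cap >= 1600). */
static size_t make_sample(char *dst, size_t cap) {
    size_t n = (size_t)snprintf(dst, cap, "cpu  56703 73 201398 86198962\nintr 1000");
    while (n < 1500) n += (size_t)snprintf(dst + n, cap - n, " 0");
    return n + (size_t)snprintf(dst + n, cap - n, "\nctxt 4242424\nbtime 1013000000\n");
}

int main(void) {
    char text[2048], *all;
    unsigned long v = 0;
    size_t n = make_sample(text, sizeof text);
    FILE *fp = tmpfile();
    if (fp == NULL || fwrite(text, 1, n, fp) != n) return 1;
    rewind(fp);
    all = read_all(fp);
    fclose(fp);
    text[1023] = '\0';                        /* what a 1024-byte buffer held */
    printf("truncated: %d\n", find_field(text, "ctxt", &v));
    printf("full read: %d\n", all ? find_field(all, "ctxt", &v) : -1);
    free(all);
    return 0;
}
```

The point of the -1 return is that a caller can report the value as unavailable when the field is missing, whatever the reason for the short input.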
