SIGSEGV by 136 Character Output with Backslash at the end

Matthias Kerk matthias at tuxlife.de
Wed Aug 13 11:33:07 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I have a problem with all CGIs (status, tac, etc.).

All of them receive a SIGSEGV if a single plugin_output value is 136 characters long and ends with a backslash.



# Lines from status.dat
servicestatus {
~        host_name=server
~        service_description=Disk
~        modified_attributes=0
~        check_command=check_disk!20%!10%
~        check_period=24x7
~        notification_period=24x7
~        check_interval=5.000000
~        retry_interval=1.000000
~        event_handler=
~        has_been_checked=1
~        should_be_scheduled=1
~        check_execution_time=0.058
~        check_latency=0.671
~        check_type=0
~        current_state=0
~        last_hard_state=0
~        last_event_id=0
~        current_event_id=0
~        current_problem_id=0
~        last_problem_id=0
~        current_attempt=1
~        max_attempts=3
~        current_event_id=0
~        last_event_id=0
~        state_type=1
~        last_state_change=1218617252
~        last_hard_state_change=1218617252
~        last_time_ok=1218617252
~        last_time_warning=0
~        last_time_unknown=0
~        last_time_critical=0
~        plugin_output=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\
~        long_plugin_output=
~        performance_data=
~        last_check=1218617252
~        next_check=1218617552
~        check_options=0
~        current_notification_number=0
~        current_notification_id=0
~        last_notification=0
~        next_notification=0
~        no_more_notifications=0
~        notifications_enabled=1
~        active_checks_enabled=1
~        passive_checks_enabled=1
~        event_handler_enabled=1
~        problem_has_been_acknowledged=0
~        acknowledgement_type=0
~        flap_detection_enabled=1
~        failure_prediction_enabled=1
~        process_performance_data=1
~        obsess_over_service=1
~        last_update=1218617339
~        is_flapping=0
~        percent_state_change=0.00
~        scheduled_downtime_depth=0
~        }


#Strace with one space or tab (default-status.dat):
...
open("/status.dat", O_RDONLY)           = 3
fstat(3, {st_mode=S_IFREG|0664, st_size=4613708, ...}) = 0
mmap(NULL, 4613708, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b3417812000
brk(0xa58000)                           = 0xa58000
brk(0xa79000)                           = 0xa79000
brk(0xa9a000)                           = 0xa9a000
brk(0xabb000)                           = 0xabb000
brk(0xadc000)                           = 0xadc000
munmap(0x2b3417812000, 4613708)         = 0
close(3)                                = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b3417812000
write(1, "Cache-Control: no-store\r\n", 25Cache-Control: no-store
) = 25
write(1, "Pragma: no-cache\r\n", 18Pragma: no-cache
)    = 18
write(1, "Refresh: 90\r\n", 13Refresh: 90
)         = 13
- --- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++


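Strace with any space at the beginning of the line (here glibc reports a corrupted double-linked list and the CGI is killed by SIGABRT instead of SIGSEGV):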
...
open("/status.dat", O_RDONLY)           = 3
fstat(3, {st_mode=S_IFREG|0664, st_size=4613709, ...}) = 0
mmap(NULL, 4613709, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b8c17937000
brk(0xa58000)                           = 0xa58000
brk(0xa79000)                           = 0xa79000
brk(0xa9a000)                           = 0xa9a000
brk(0xabb000)                           = 0xabb000
brk(0xadc000)                           = 0xadc000
munmap(0x2b8c17937000, 4613709)         = 0
close(3)                                = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b8c17937000
write(1, "Cache-Control: no-store\r\n", 25Cache-Control: no-store
) = 25
write(1, "Pragma: no-cache\r\n", 18Pragma: no-cache
)    = 18
write(1, "Refresh: 90\r\n", 13Refresh: 90
)         = 13
open("/dev/tty", O_RDWR|O_NONBLOCK|O_NOCTTY) = 3
writev(3, [{"*** glibc detected *** ", 23}, {"/usr/lib/nagios/cgi/tac.cgi", 27}, {": ", 2}, {"corrupted double-linked list", 28}, {": 0x", 4}, {"00000000005fc3d0", 16}, {" ***\n", 5}], 7*** glibc detected *** /usr/lib/nagios/cgi/tac.cgi: corrupted
double-linked list: 0x00000000005fc3d0 ***
) = 105
open("/etc/ld.so.cache", O_RDONLY)      = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=101120, ...}) = 0
mmap(NULL, 101120, PROT_READ, MAP_PRIVATE, 4, 0) = 0x2b8c17938000
close(4)                                = 0
open("/lib64/libgcc_s.so.1", O_RDONLY)  = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\36\0\0"..., 832) = 832
mmap(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2b8c17951000
munmap(0x2b8c17951000, 716800)          = 0
munmap(0x2b8c17b00000, 331776)          = 0
mprotect(0x2b8c17a00000, 135168, PROT_READ|PROT_WRITE) = 0
fstat(4, {st_mode=S_IFREG|0755, st_size=56752, ...}) = 0
mmap(NULL, 1100872, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x2b8c17b00000
madvise(0x2b8c17b00000, 1100872, MADV_SEQUENTIAL|0x1) = 0
mprotect(0x2b8c17b0d000, 1044480, PROT_NONE) = 0
mmap(0x2b8c17c0c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xc000) = 0x2b8c17c0c000
close(4)                                = 0
munmap(0x2b8c17938000, 101120)          = 0
write(3, "======= Backtrace: =========\n", 29======= Backtrace: =========
) = 29
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c1776131e", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c1776131e]
) = 33
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c1776143d", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c1776143d]
) = 33
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c17763399", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c17763399]
) = 33
writev(3, [{"/lib64/libc.so.6", 16}, {"(", 1}, {"malloc", 6}, {"+0x", 3}, {"86", 2}, {")", 1}, {"[0x", 3}, {"2b8c17764766", 12}, {"]\n", 2}], 9/lib64/libc.so.6(malloc+0x86)[0x2b8c17764766]
) = 46
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c1775322a", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c1775322a]
) = 33
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c1777bab1", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c1777bab1]
) = 33
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c1777a96f", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c1777a96f]
) = 33
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c1777b22e", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c1777b22e]
) = 33
writev(3, [{"/usr/lib/nagios/cgi/tac.cgi", 27}, {"[0x", 3}, {"406c98", 6}, {"]\n", 2}], 4/usr/lib/nagios/cgi/tac.cgi[0x406c98]
) = 38
writev(3, [{"/usr/lib/nagios/cgi/tac.cgi", 27}, {"[0x", 3}, {"4041c7", 6}, {"]\n", 2}], 4/usr/lib/nagios/cgi/tac.cgi[0x4041c7]
) = 38
writev(3, [{"/usr/lib/nagios/cgi/tac.cgi", 27}, {"[0x", 3}, {"404349", 6}, {"]\n", 2}], 4/usr/lib/nagios/cgi/tac.cgi[0x404349]
) = 38
writev(3, [{"/lib64/libc.so.6", 16}, {"(", 1}, {"__libc_start_main", 17}, {"+0x", 3}, {"f4", 2}, {")", 1}, {"[0x", 3}, {"2b8c17713184", 12}, {"]\n", 2}], 9/lib64/libc.so.6(__libc_start_main+0xf4)[0x2b8c17713184]
) = 57
writev(3, [{"/usr/lib/nagios/cgi/tac.cgi", 27}, {"[0x", 3}, {"4016e9", 6}, {"]\n", 2}], 4/usr/lib/nagios/cgi/tac.cgi[0x4016e9]
) = 38
write(3, "======= Memory map: ========\n", 29======= Memory map: ========
) = 29
open("/proc/self/maps", O_RDONLY)       = 4
read(4, "00400000-0042f000 r-xp 00000000 "..., 1024) = 1024
write(3, "00400000-0042f000 r-xp 00000000 "..., 102400400000-0042f000 r-xp 00000000 68:06 84063                              /usr/lib/nagios/cgi/tac.cgi
0052e000-0052f000 rw-p 0002e000 68:06 84063                              /usr/lib/nagios/cgi/tac.cgi
0052f000-00adc000 rw-p 0052f000 00:00 0                                  [heap]
2b8c175da000-2b8c175f5000 r-xp 00000000 68:03 576002                     /lib64/ld-2.4.so
2b8c175f5000-2b8c175f6000 rw-p 2b8c175f5000 00:00 0
2b8c1760f000-2b8c17610000 rw-p 2b8c1760f000 00:00 0
2b8c176f4000-2b8c176f6000 rw-p 0001a000 68:03 576002                     /lib64/ld-2.4.so
2b8c176f6000-2b8c1782c000 r-xp 00000000 68:03 576009                     /lib64/libc-2.4.so
2b8c1782c000-2b8c1792c000 ---p 00136000 68:03 576009                     /lib64/libc-2.4.so
2b8c1792c000-2b8c1792f000 r--p 00136000 68:03 576009                     /lib64/libc-2.4.so
2b8c1792f000-2b8c17931000 rw-p 00139000 68:03 576009                     /lib64/libc-2.4.so
2b8c17931000-2b8c17938000 rw-p 2b8c17931000 00:00 0
2b8c17a00000-2b8c17a21000 rw-p 2b8c) = 1024
read(4, "17a00000 00:00 0 \n2b8c17a21000-2"..., 1024) = 514
write(3, "17a00000 00:00 0 \n2b8c17a21000-2"..., 51417a00000 00:00 0
2b8c17a21000-2b8c17b00000 ---p 2b8c17a21000 00:00 0
2b8c17b00000-2b8c17b0d000 r-xp 00000000 68:03 576065                     /lib64/libgcc_s.so.1
2b8c17b0d000-2b8c17c0c000 ---p 0000d000 68:03 576065                     /lib64/libgcc_s.so.1
2b8c17c0c000-2b8c17c0d000 rw-p 0000c000 68:03 576065                     /lib64/libgcc_s.so.1
7fff934bb000-7fff934d0000 rw-p 7fff934bb000 00:00 0                      [stack]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0                  [vdso]
) = 514
read(4, "", 1024)                       = 0
close(4)                                = 0
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
gettid()                                = 27696
tgkill(27696, 27696, SIGABRT)           = 0
- --- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT +++


Does anyone have an idea?


Best regards.
Matthias
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFIoqpTTG9/zWWjsBsRAiUkAJ9G9iUU4vnlv4HjQSb6Sp8wZOzItgCgiJuQ
o75SE4G51rQ5+Dvb1Fdw6SU=
=cWf3
-----END PGP SIGNATURE-----
