Format string overflow in Monitor.c:check_array
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mdadm (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Dimitri John Ledkov |
Bug Description
SRU Justification
[Impact]
If mdadm --monitor is being used to monitor RAID (very common), then if a RAID reconstruction completes but with mismatches detected by the kernel, and the number of mismatches is more than 99, then mdadm crashes due to a buffer overflow. This will cause the loss of RAID monitoring, possibly without the administrator noticing. This could cause loss of data if a future RAID failure is not detected because monitoring has failed.
[Test Case]
0. Check that mdadm --monitor is running (it should be already on a md-based RAID system by default).
1. Arrange for RAID reconstruction to complete but with a large number of mismatches (difficult!).
2. Check if mdadm is still running. It should be, but this bug causes it to crash.
[Regression Potential]
The fix is taken from upstream and is trivial. The code change is solely in the monitoring code that runs when reconstruction is complete. If there is a regression, it is most likely to be in another similar C memory mismanagement bug that was already present in the monitoring code.
Original message:
possibly dupe of #946344
on the off chance it's a new, created accordingly.
ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: mdadm 3.2.3-2ubuntu1
ProcVersionSign
Uname: Linux 3.2.0-17-
NonfreeKernelMo
ApportVersion: 1.94-0ubuntu1
Architecture: i386
Date: Sun Mar 4 01:58:16 2012
ExecutablePath: /sbin/mdadm
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha i386 (20120201.2)
MDadmExamine.
/dev/sda:
MBR Magic : aa55
Partition[0] : 54687744 sectors at 2048 (type fd)
Partition[1] : 433587772 sectors at 54691838 (type 05)
MDadmExamine.
/dev/sda2:
MBR Magic : aa55
Partition[0] : 431634357 sectors at 1953415 (type fd)
Partition[1] : 1951745 sectors at 1 (type 05)
MDadmExamine.
/dev/sdb:
MBR Magic : aa55
Partition[0] : 54687744 sectors at 2048 (type fd)
Partition[1] : 433587772 sectors at 54691838 (type 05)
MDadmExamine.
/dev/sdb2:
MBR Magic : aa55
Partition[0] : 431634357 sectors at 1953415 (type fd)
Partition[1] : 1951745 sectors at 1 (type 05)
MDadmExamine.
MDadmExamine.
MDadmExamine.
MDadmExamine.
MachineType: Dell Inc. Inspiron 530
ProcCmdline: /sbin/mdadm --monitor --pid-file /var/run/
ProcEnviron:
TERM=linux
PATH=(custom, no user)
ProcKernelCmdLine: BOOT_IMAGE=
Signal: 6
SourcePackage: mdadm
StacktraceTop:
raise () from /lib/i386-
abort () from /lib/i386-
?? () from /lib/i386-
__fortify_fail () from /lib/i386-
__chk_fail () from /lib/i386-
Title: mdadm crashed with SIGABRT in raise()
UpgradeStatus: Upgraded to precise on 2012-02-09 (24 days ago)
UserGroups:
dmi.bios.date: 03/20/2008
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.0.13
dmi.board.name: 0FM586
dmi.board.vendor: Dell Inc.
dmi.board.version: ���
dmi.chassis.type: 3
dmi.chassis.vendor: Dell Inc.
dmi.chassis.
dmi.modalias: dmi:bvnDellInc.
dmi.product.name: Inspiron 530
dmi.sys.vendor: Dell Inc.
etc.blkid.tab: Error: [Errno 2] No such file or directory: '/etc/blkid.tab'
visibility: | private → public |
summary: |
- mdadm crashed with SIGABRT in __libc_message() + Format string overflow in Monitor.c:check_array |
description: | updated |
StacktraceTop: unix/sysv/ linux/libc_ fatal.c: 201 _fortify_ fail (msg=0xb76aed5f "buffer overflow detected") at fortify_fail.c:32 chk_overflow (fp=0xbfa3b200, c=49) at vsprintf_chk.c:35
__libc_message (do_abort=2, fmt=0xb76aedde "*** %s ***: %s terminated\n") at ../sysdeps/
__GI__
__GI___chk_fail () at chk_fail.c:29
_IO_str_
_IO_default_xsputn (f=0xbfa3b200, data=0xbfa3b143, n=1) at genops.c:485