SIGSEGV by 136 Character Output with Backslash at the end
Matthias Kerk
matthias at tuxlife.de
Wed Aug 13 11:33:07 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
i have a problem with all cgis (status, tac etc.).
all scripts receive a SIGSEGV, if one plugin_output 136 character long and with a backslash at the end.
# Lines form status.dat
servicestatus {
~ host_name=server
~ service_description=Disk
~ modified_attributes=0
~ check_command=check_disk!20%!10%
~ check_period=24x7
~ notification_period=24x7
~ check_interval=5.000000
~ retry_interval=1.000000
~ event_handler=
~ has_been_checked=1
~ should_be_scheduled=1
~ check_execution_time=0.058
~ check_latency=0.671
~ check_type=0
~ current_state=0
~ last_hard_state=0
~ last_event_id=0
~ current_event_id=0
~ current_problem_id=0
~ last_problem_id=0
~ current_attempt=1
~ max_attempts=3
~ current_event_id=0
~ last_event_id=0
~ state_type=1
~ last_state_change=1218617252
~ last_hard_state_change=1218617252
~ last_time_ok=1218617252
~ last_time_warning=0
~ last_time_unknown=0
~ last_time_critical=0
~ plugin_output=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\
~ long_plugin_output=
~ performance_data=
~ last_check=1218617252
~ next_check=1218617552
~ check_options=0
~ current_notification_number=0
~ current_notification_id=0
~ last_notification=0
~ next_notification=0
~ no_more_notifications=0
~ notifications_enabled=1
~ active_checks_enabled=1
~ passive_checks_enabled=1
~ event_handler_enabled=1
~ problem_has_been_acknowledged=0
~ acknowledgement_type=0
~ flap_detection_enabled=1
~ failure_prediction_enabled=1
~ process_performance_data=1
~ obsess_over_service=1
~ last_update=1218617339
~ is_flapping=0
~ percent_state_change=0.00
~ scheduled_downtime_depth=0
~ }
#Strace with one space or tab (default-status.dat):
...
open("/status.dat", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0664, st_size=4613708, ...}) = 0
mmap(NULL, 4613708, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b3417812000
brk(0xa58000) = 0xa58000
brk(0xa79000) = 0xa79000
brk(0xa9a000) = 0xa9a000
brk(0xabb000) = 0xabb000
brk(0xadc000) = 0xadc000
munmap(0x2b3417812000, 4613708) = 0
close(3) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b3417812000
write(1, "Cache-Control: no-store\r\n", 25Cache-Control: no-store
) = 25
write(1, "Pragma: no-cache\r\n", 18Pragma: no-cache
) = 18
write(1, "Refresh: 90\r\n", 13Refresh: 90
) = 13
- --- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Strace with any space at the beginning of the line:
...
open("/status.dat", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0664, st_size=4613709, ...}) = 0
mmap(NULL, 4613709, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b8c17937000
brk(0xa58000) = 0xa58000
brk(0xa79000) = 0xa79000
brk(0xa9a000) = 0xa9a000
brk(0xabb000) = 0xabb000
brk(0xadc000) = 0xadc000
munmap(0x2b8c17937000, 4613709) = 0
close(3) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b8c17937000
write(1, "Cache-Control: no-store\r\n", 25Cache-Control: no-store
) = 25
write(1, "Pragma: no-cache\r\n", 18Pragma: no-cache
) = 18
write(1, "Refresh: 90\r\n", 13Refresh: 90
) = 13
open("/dev/tty", O_RDWR|O_NONBLOCK|O_NOCTTY) = 3
writev(3, [{"*** glibc detected *** ", 23}, {"/usr/lib/nagios/cgi/tac.cgi", 27}, {": ", 2}, {"corrupted double-linked list", 28}, {": 0x", 4}, {"00000000005fc3d0", 16}, {" ***\n", 5}], 7*** glibc detected *** /usr/lib/nagios/cgi/tac.cgi: corrupted
double-linked list: 0x00000000005fc3d0 ***
) = 105
open("/etc/ld.so.cache", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=101120, ...}) = 0
mmap(NULL, 101120, PROT_READ, MAP_PRIVATE, 4, 0) = 0x2b8c17938000
close(4) = 0
open("/lib64/libgcc_s.so.1", O_RDONLY) = 4
read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\36\0\0"..., 832) = 832
mmap(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2b8c17951000
munmap(0x2b8c17951000, 716800) = 0
munmap(0x2b8c17b00000, 331776) = 0
mprotect(0x2b8c17a00000, 135168, PROT_READ|PROT_WRITE) = 0
fstat(4, {st_mode=S_IFREG|0755, st_size=56752, ...}) = 0
mmap(NULL, 1100872, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x2b8c17b00000
madvise(0x2b8c17b00000, 1100872, MADV_SEQUENTIAL|0x1) = 0
mprotect(0x2b8c17b0d000, 1044480, PROT_NONE) = 0
mmap(0x2b8c17c0c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xc000) = 0x2b8c17c0c000
close(4) = 0
munmap(0x2b8c17938000, 101120) = 0
write(3, "======= Backtrace: =========\n", 29======= Backtrace: =========
) = 29
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c1776131e", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c1776131e]
) = 33
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c1776143d", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c1776143d]
) = 33
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c17763399", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c17763399]
) = 33
writev(3, [{"/lib64/libc.so.6", 16}, {"(", 1}, {"malloc", 6}, {"+0x", 3}, {"86", 2}, {")", 1}, {"[0x", 3}, {"2b8c17764766", 12}, {"]\n", 2}], 9/lib64/libc.so.6(malloc+0x86)[0x2b8c17764766]
) = 46
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c1775322a", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c1775322a]
) = 33
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c1777bab1", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c1777bab1]
) = 33
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c1777a96f", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c1777a96f]
) = 33
writev(3, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"2b8c1777b22e", 12}, {"]\n", 2}], 4/lib64/libc.so.6[0x2b8c1777b22e]
) = 33
writev(3, [{"/usr/lib/nagios/cgi/tac.cgi", 27}, {"[0x", 3}, {"406c98", 6}, {"]\n", 2}], 4/usr/lib/nagios/cgi/tac.cgi[0x406c98]
) = 38
writev(3, [{"/usr/lib/nagios/cgi/tac.cgi", 27}, {"[0x", 3}, {"4041c7", 6}, {"]\n", 2}], 4/usr/lib/nagios/cgi/tac.cgi[0x4041c7]
) = 38
writev(3, [{"/usr/lib/nagios/cgi/tac.cgi", 27}, {"[0x", 3}, {"404349", 6}, {"]\n", 2}], 4/usr/lib/nagios/cgi/tac.cgi[0x404349]
) = 38
writev(3, [{"/lib64/libc.so.6", 16}, {"(", 1}, {"__libc_start_main", 17}, {"+0x", 3}, {"f4", 2}, {")", 1}, {"[0x", 3}, {"2b8c17713184", 12}, {"]\n", 2}], 9/lib64/libc.so.6(__libc_start_main+0xf4)[0x2b8c17713184]
) = 57
writev(3, [{"/usr/lib/nagios/cgi/tac.cgi", 27}, {"[0x", 3}, {"4016e9", 6}, {"]\n", 2}], 4/usr/lib/nagios/cgi/tac.cgi[0x4016e9]
) = 38
write(3, "======= Memory map: ========\n", 29======= Memory map: ========
) = 29
open("/proc/self/maps", O_RDONLY) = 4
read(4, "00400000-0042f000 r-xp 00000000 "..., 1024) = 1024
write(3, "00400000-0042f000 r-xp 00000000 "..., 102400400000-0042f000 r-xp 00000000 68:06 84063 /usr/lib/nagios/cgi/tac.cgi
0052e000-0052f000 rw-p 0002e000 68:06 84063 /usr/lib/nagios/cgi/tac.cgi
0052f000-00adc000 rw-p 0052f000 00:00 0 [heap]
2b8c175da000-2b8c175f5000 r-xp 00000000 68:03 576002 /lib64/ld-2.4.so
2b8c175f5000-2b8c175f6000 rw-p 2b8c175f5000 00:00 0
2b8c1760f000-2b8c17610000 rw-p 2b8c1760f000 00:00 0
2b8c176f4000-2b8c176f6000 rw-p 0001a000 68:03 576002 /lib64/ld-2.4.so
2b8c176f6000-2b8c1782c000 r-xp 00000000 68:03 576009 /lib64/libc-2.4.so
2b8c1782c000-2b8c1792c000 ---p 00136000 68:03 576009 /lib64/libc-2.4.so
2b8c1792c000-2b8c1792f000 r--p 00136000 68:03 576009 /lib64/libc-2.4.so
2b8c1792f000-2b8c17931000 rw-p 00139000 68:03 576009 /lib64/libc-2.4.so
2b8c17931000-2b8c17938000 rw-p 2b8c17931000 00:00 0
2b8c17a00000-2b8c17a21000 rw-p 2b8c) = 1024
read(4, "17a00000 00:00 0 \n2b8c17a21000-2"..., 1024) = 514
write(3, "17a00000 00:00 0 \n2b8c17a21000-2"..., 51417a00000 00:00 0
2b8c17a21000-2b8c17b00000 ---p 2b8c17a21000 00:00 0
2b8c17b00000-2b8c17b0d000 r-xp 00000000 68:03 576065 /lib64/libgcc_s.so.1
2b8c17b0d000-2b8c17c0c000 ---p 0000d000 68:03 576065 /lib64/libgcc_s.so.1
2b8c17c0c000-2b8c17c0d000 rw-p 0000c000 68:03 576065 /lib64/libgcc_s.so.1
7fff934bb000-7fff934d0000 rw-p 7fff934bb000 00:00 0 [stack]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0 [vdso]
) = 514
read(4, "", 1024) = 0
close(4) = 0
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
gettid() = 27696
tgkill(27696, 27696, SIGABRT) = 0
- --- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT +++
have someone a idea?
Best regards.
Matthias
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFIoqpTTG9/zWWjsBsRAiUkAJ9G9iUU4vnlv4HjQSb6Sp8wZOzItgCgiJuQ
o75SE4G51rQ5+Dvb1Fdw6SU=
=cWf3
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
More information about the Developers
mailing list