status.cgi segfault without hostgroup parameter on solaris 10

Andreas Ericsson ae at op5.se
Wed Oct 20 19:25:39 CEST 2010


On 10/04/2010 08:41 AM, Michael Friedrich wrote:
> 
> Building the latest HEAD straight with
> 
> $ git pull
> $ make distclean
> $ ./configure
> $ make cgis
> 
> throws
> 
> cgiutils.c: In function `url_encode':
> cgiutils.c:1371: warning: passing arg 1 of `strcpy' from incompatible
> pointer type
> 
> because strcpy awaits char* instead of char[]
> 

For all intents and purposes, those two are identical. A function is
perfectly entitled to modify the callers stack. It's only when you
return a stack-allocated variable that you run into problems, and
the called function doesn't even know if the memory reference is on
the stack or on the heap.

I have no idea why that warns, tbh, but passing

  char str[50];
  lalala(&str[0]);

should do exactly the same thing as

  char *str = malloc(50);
  lalala(str),

except that one puts its memory on the heap and the other one the
stack.

> 
> Just one last thing, Andreas is telling me that more testing is needed
> by different people. Which is good btw, I was only talking about a
> Quickfix Release, nothing else.
> 
> Andreas Ericsson wrote:
> 
>>   Since the fix awaits input from testers we can't very well release it
> 
>>   immediately. You've tested it, so that makes one person. If a few more
>>   report that it's now working as intended without any downsides we'll
>>   probably go ahead and cut a release in the next few days, but releasing
>>   untested code that might break something else just to fix a bug isn't
>>   really good practice.
> 
> 
> On the webpage, Nagios 3.2.3 is already out. I don't really understand - now there's a "possible fix for solaris segfault" and this is put straight forward into a new release? I thought advanced testing would be needed, also having something in mind with testing on the 3 of you.
> I really thought that Nagios Core Development would become more open, residing next to several things happening. But as it seems, it's still a one man show. Anyways, so nothing changed and we can go on testing new Nagios release.
> 

When you're done playing agitator, feel free to set up a solaris system
and test the bugs yourself directly from CVS. I'll even go so far as to
dub you "official tester of awkward platforms", where "awkward" is
defined as "any unixy system I can't legally log in to as root where
and when I feel like it".

And like Ton said; Making sure the function never returns NULL will is
known to work around Solaris' format-string issues which doesn't handle
NULL pointers gracefully as glibc's does since somewhere around 2.3.

If it barfs on NULL and won't ever get NULL, we're safe.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.

------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev




More information about the Developers mailing list