[Bug 946758] Re: Format string overflow in Monitor.c:check_array

Tim Frost timfrost at xtra.co.nz
Thu Jul 5 06:32:29 UTC 2012 

80 bytes may not be enough on a server running in 64-bit mode with a
large disk/array, given that the format string is 41 bytes lonmg -
including 2 '%d' variables .  How many digits could there be in the
longest possible number of mis-matches on a system that has a raid
partition of maximum supported size?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mdadm in Ubuntu.
https://bugs.launchpad.net/bugs/946758

Title:
  Format string overflow in Monitor.c:check_array

Status in “mdadm” package in Ubuntu:
  Fix Released
Status in “mdadm” source package in Precise:
  Triaged

Bug description:
  SRU Justification

  [Impact]

  If mdadm --monitor is being used to monitor RAID (very common), then
  if a RAID reconstruction completes but with mismatches detected by the
  kernel, and the number of mismatches is more than 99, then mdadm
  crashes due to a buffer overflow. This will cause the loss of RAID
  monitoring, possibly without the administrator noticing. This could
  cause loss of data if a future RAID failure is not detected because
  monitoring has failed.

  [Test Case]

  0. Check that mdadm --monitor is running (it should be already on a md-based RAID system by default).
  1. Arrange for RAID reconstruction to complete but with a large number of mismatches (difficult!).
  2. Check if mdadm is still running. It should be, but this bug causes it to crash.

  [Regression Potential]

  The fix is taken from upstream and is trivial. The code change is
  solely in the monitoring code that runs when reconstruction is
  complete. If there is a regression, it is most likely to be in another
  similar C memory mismanagement bug that was already present in the
  monitoring code.

  Original message:

  possibly dupe of ​ #946344
  on the off chance it's a new, created accordingly.

  ProblemType: Crash
  DistroRelease: Ubuntu 12.04
  Package: mdadm 3.2.3-2ubuntu1
  ProcVersionSignature: Ubuntu 3.2.0-17.27-generic-pae 3.2.6
  Uname: Linux 3.2.0-17-generic-pae i686
  NonfreeKernelModules: nvidia
  ApportVersion: 1.94-0ubuntu1
  Architecture: i386
  Date: Sun Mar  4 01:58:16 2012
  ExecutablePath: /sbin/mdadm
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha i386 (20120201.2)
  MDadmExamine.dev.sda:
   /dev/sda:
      MBR Magic : aa55
   Partition[0] :     54687744 sectors at         2048 (type fd)
   Partition[1] :    433587772 sectors at     54691838 (type 05)
  MDadmExamine.dev.sda2:
   /dev/sda2:
      MBR Magic : aa55
   Partition[0] :    431634357 sectors at      1953415 (type fd)
   Partition[1] :      1951745 sectors at            1 (type 05)
  MDadmExamine.dev.sdb:
   /dev/sdb:
      MBR Magic : aa55
   Partition[0] :     54687744 sectors at         2048 (type fd)
   Partition[1] :    433587772 sectors at     54691838 (type 05)
  MDadmExamine.dev.sdb2:
   /dev/sdb2:
      MBR Magic : aa55
   Partition[0] :    431634357 sectors at      1953415 (type fd)
   Partition[1] :      1951745 sectors at            1 (type 05)
  MDadmExamine.dev.sdc: Error: command ['/sbin/mdadm', '-E', '/dev/sdc'] failed with exit code 1: mdadm: cannot open /dev/sdc: No medium found
  MDadmExamine.dev.sdd: Error: command ['/sbin/mdadm', '-E', '/dev/sdd'] failed with exit code 1: mdadm: cannot open /dev/sdd: No medium found
  MDadmExamine.dev.sde: Error: command ['/sbin/mdadm', '-E', '/dev/sde'] failed with exit code 1: mdadm: cannot open /dev/sde: No medium found
  MDadmExamine.dev.sdf: Error: command ['/sbin/mdadm', '-E', '/dev/sdf'] failed with exit code 1: mdadm: cannot open /dev/sdf: No medium found
  MachineType: Dell Inc. Inspiron 530
  ProcCmdline: /sbin/mdadm --monitor --pid-file /var/run/mdadm/monitor.pid --daemonise --scan --syslog
  ProcEnviron:
   TERM=linux
   PATH=(custom, no user)
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-17-generic-pae root=UUID=4de18d92-4134-4795-943f-3cf94658f0d1 ro quiet splash vt.handoff=7
  Signal: 6
  SourcePackage: mdadm
  StacktraceTop:
   raise () from /lib/i386-linux-gnu/libc.so.6
   abort () from /lib/i386-linux-gnu/libc.so.6
   ?? () from /lib/i386-linux-gnu/libc.so.6
   __fortify_fail () from /lib/i386-linux-gnu/libc.so.6
   __chk_fail () from /lib/i386-linux-gnu/libc.so.6
  Title: mdadm crashed with SIGABRT in raise()
  UpgradeStatus: Upgraded to precise on 2012-02-09 (24 days ago)
  UserGroups:

  dmi.bios.date: 03/20/2008
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 1.0.13
  dmi.board.name: 0FM586
  dmi.board.vendor: Dell Inc.
  dmi.board.version: ���
  dmi.chassis.type: 3
  dmi.chassis.vendor: Dell Inc.
  dmi.chassis.version: OEM
  dmi.modalias: dmi:bvnDellInc.:bvr1.0.13:bd03/20/2008:svnDellInc.:pnInspiron530:pvr:rvnDellInc.:rn0FM586:rvr:cvnDellInc.:ct3:cvrOEM:
  dmi.product.name: Inspiron 530
  dmi.sys.vendor: Dell Inc.
  etc.blkid.tab: Error: [Errno 2] No such file or directory: '/etc/blkid.tab'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mdadm/+bug/946758/+subscriptions

More information about the foundations-bugs mailing list