[Bug 946758] [NEW] Format string overflow in Monitor.c:check_array

Launchpad Bug Tracker 946758 at bugs.launchpad.net
Wed Jul 4 09:14:21 UTC 2012 

You have been subscribed to a public bug by Robie Basak (racb):

SRU Justification

[Impact]

If mdadm --monitor is being used to monitor RAID (very common), then if
a RAID reconstruction completes but with mismatches detected by the
kernel, and the number of mismatches is more than 99, then mdadm crashes
due to a buffer overflow. This will cause the loss of RAID monitoring,
possibly without the administrator noticing. This could cause loss of
data if a future RAID failure is not detected because monitoring has
failed.

[Test Case]

0. Check that mdadm --monitor is running (it should be already on a md-based RAID system by default).
1. Arrange for RAID reconstruction to complete but with a large number of mismatches (difficult!).
2. Check if mdadm is still running. It should be, but this bug causes it to crash.

[Regression Potential]

The fix is taken from upstream and is trivial. The code change is solely
in the monitoring code that runs when reconstruction is complete. If
there is a regression, it is most likely to be in another similar C
memory mismanagement bug that was already present in the monitoring
code.

Original message:

possibly dupe of ​ #946344
on the off chance it's a new, created accordingly.

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: mdadm 3.2.3-2ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-17.27-generic-pae 3.2.6
Uname: Linux 3.2.0-17-generic-pae i686
NonfreeKernelModules: nvidia
ApportVersion: 1.94-0ubuntu1
Architecture: i386
Date: Sun Mar  4 01:58:16 2012
ExecutablePath: /sbin/mdadm
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha i386 (20120201.2)
MDadmExamine.dev.sda:
 /dev/sda:
    MBR Magic : aa55
 Partition[0] :     54687744 sectors at         2048 (type fd)
 Partition[1] :    433587772 sectors at     54691838 (type 05)
MDadmExamine.dev.sda2:
 /dev/sda2:
    MBR Magic : aa55
 Partition[0] :    431634357 sectors at      1953415 (type fd)
 Partition[1] :      1951745 sectors at            1 (type 05)
MDadmExamine.dev.sdb:
 /dev/sdb:
    MBR Magic : aa55
 Partition[0] :     54687744 sectors at         2048 (type fd)
 Partition[1] :    433587772 sectors at     54691838 (type 05)
MDadmExamine.dev.sdb2:
 /dev/sdb2:
    MBR Magic : aa55
 Partition[0] :    431634357 sectors at      1953415 (type fd)
 Partition[1] :      1951745 sectors at            1 (type 05)
MDadmExamine.dev.sdc: Error: command ['/sbin/mdadm', '-E', '/dev/sdc'] failed with exit code 1: mdadm: cannot open /dev/sdc: No medium found
MDadmExamine.dev.sdd: Error: command ['/sbin/mdadm', '-E', '/dev/sdd'] failed with exit code 1: mdadm: cannot open /dev/sdd: No medium found
MDadmExamine.dev.sde: Error: command ['/sbin/mdadm', '-E', '/dev/sde'] failed with exit code 1: mdadm: cannot open /dev/sde: No medium found
MDadmExamine.dev.sdf: Error: command ['/sbin/mdadm', '-E', '/dev/sdf'] failed with exit code 1: mdadm: cannot open /dev/sdf: No medium found
MachineType: Dell Inc. Inspiron 530
ProcCmdline: /sbin/mdadm --monitor --pid-file /var/run/mdadm/monitor.pid --daemonise --scan --syslog
ProcEnviron:
 TERM=linux
 PATH=(custom, no user)
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-17-generic-pae root=UUID=4de18d92-4134-4795-943f-3cf94658f0d1 ro quiet splash vt.handoff=7
Signal: 6
SourcePackage: mdadm
StacktraceTop:
 raise () from /lib/i386-linux-gnu/libc.so.6
 abort () from /lib/i386-linux-gnu/libc.so.6
 ?? () from /lib/i386-linux-gnu/libc.so.6
 __fortify_fail () from /lib/i386-linux-gnu/libc.so.6
 __chk_fail () from /lib/i386-linux-gnu/libc.so.6
Title: mdadm crashed with SIGABRT in raise()
UpgradeStatus: Upgraded to precise on 2012-02-09 (24 days ago)
UserGroups:

dmi.bios.date: 03/20/2008
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.0.13
dmi.board.name: 0FM586
dmi.board.vendor: Dell Inc.
dmi.board.version: ���
dmi.chassis.type: 3
dmi.chassis.vendor: Dell Inc.
dmi.chassis.version: OEM
dmi.modalias: dmi:bvnDellInc.:bvr1.0.13:bd03/20/2008:svnDellInc.:pnInspiron530:pvr:rvnDellInc.:rn0FM586:rvr:cvnDellInc.:ct3:cvrOEM:
dmi.product.name: Inspiron 530
dmi.sys.vendor: Dell Inc.
etc.blkid.tab: Error: [Errno 2] No such file or directory: '/etc/blkid.tab'

** Affects: mdadm (Ubuntu)
     Importance: Medium
         Status: Fix Released

** Affects: mdadm (Ubuntu Precise)
     Importance: High
         Status: Triaged


** Tags: apport-crash i386 precise
-- 
Format string overflow in Monitor.c:check_array
https://bugs.launchpad.net/bugs/946758
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list