Hello,
I think I found a bug in mrt_open_file & tm_format_real_time. On some of
my systems, mrt dump crashes if the filename pattern is longer than 42B.
Daemon dies with "*** stack smashing detected ***: <unknown> terminated"
and no other fail messages are displayed.
I'm attaching gdb's bt full.
I took a look at the code and I found something that worries me. First,
mrt_open_file uses 4kB buffers for path pattern and final name while
tm_format_real_time uses only 32B buffer for pattern. Second, in call to
strfusec, it specifies 32B buffer and length of output buffer. But please
take my findings with a grain of salt, I'm not a C expert :-)
Could you please verify that?
Thanks,
Piotr
--
Piotr 'GhosT' Wydrych ........ Engineering Manager, SDN ......... Akamai
........................................................................
A: Because it messes up the order in which people normally read text. ..
Q: Why is top-posting such a bad thing? ................................
#0 0x00007f9a88cedfc7 in raise () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#1 0x00007f9a88cef931 in abort () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#2 0x00007f9a88d38977 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#3 0x00007f9a88de3d81 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#4 0x00007f9a88de3d42 in __stack_chk_fail () from
/lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#5 0x000055fc09b12e91 in tm_format_real_time (x=0x7ffc5bfb2330
"/tmp/678901234567890123456789012345678901", max=4096, fmt=<optimized out>,
t=<optimized out>)
at lib/timer.c:376
t1 = <optimized out>
t2 = <optimized out>
ts = 1617997683
tm = {tm_sec = 3, tm_min = 48, tm_hour = 19, tm_mday = 9, tm_mon = 3,
tm_year = 121, tm_wday = 5, tm_yday = 98, tm_isdst = 0, tm_gmtoff = 0,
tm_zone = 0x55fc0ab2e640 "UTC"}
tbuf = "/tmp/678901234567890123456789012"
#6 0x000055fc09b213af in mrt_open_file (s=s@entry=0x55fc0ab32870) at
proto/mrt/mrt.c:263
fmt1 =
"/tmp/678901234567890123456789012345678901\000\373[\374\177\000\000\001\000\000\000\000\000\000\000\023\252\321\210\232\177",
'\000' <repeats 58 times>, "\236J\346\210\232\177\000\000\220;\373[\374\177",
'\000' <repeats 26 times>, "\360\065\373[\374\177", '\000' <repeats 18 times>,
"\200u\t\211\232\177\000\000\000\000\000\000\000\000\000\000"...
name = "/tmp/678901234567890123456789012345678901", '\000' <repeats 587
times>...
now = 278789693363
now_real = 1617997683333011
#7 0x000055fc09b273e6 in mrt_table_dump_step (s=0x55fc0ab32870) at
proto/mrt/mrt.c:606
bws = {proto = 0x0, channel = 0x0, pool = 0x0, mp_reach = 0,
as4_session = 1, add_path = 0, mpls = 0, mp_next_hop = 0x0, mpls_labels = 0x0}
#8 0x000055fc09b2798d in mrt_dump_cont.lto_priv.445 (c=<optimized out>,
c=<optimized out>) at proto/mrt/mrt.c:703
No locals.
#9 0x000055fc09ae0f6e in cli_event.lto_priv.129 (data=0x55fc0ab2f540) at
nest/cli.c:293
c = 0x55fc0ab2f540
err = <optimized out>
#10 0x000055fc09b1354b in ev_run () at lib/event.c:86
e = 0x55fc0ab2f600
#11 ev_run_list (l=0x55fc09d87d40 <global_event_list>) at lib/event.c:159
e = 0x55fc0ab2f600
n = 0x55fc0ab2f628
tmp_list = {{head_node = {next = 0x7ffc5bfb44b8, prev = 0x0},
head_padding = 0x7ffc5bfb44b0}, {tail_padding = 0x7ffc5bfb44b8, tail_node =
{next = 0x0,
prev = 0x7ffc5bfb44b0}}, {head = 0x7ffc5bfb44b8, null = 0x0, tail
= 0x7ffc5bfb44b0}}
#12 0x000055fc09ab4334 in io_loop () at sysdep/unix/io.c:2193
poll_tout = <optimized out>
nfds = <optimized out>
t = <optimized out>
---Type <return> to continue, or q <return> to quit---
fdmax = 256
pfd = 0x55fc0ab2e650
n = <optimized out>
timeout = <optimized out>
events = <optimized out>
pout = <optimized out>
s = <optimized out>
poll_tout = <optimized out>
timeout = <optimized out>
nfds = <optimized out>
events = <optimized out>
pout = <optimized out>
t = <optimized out>
s = <optimized out>
n = <optimized out>
fdmax = <optimized out>
pfd = <optimized out>
count = <optimized out>
s = <optimized out>
s = <optimized out>
e = <optimized out>
steps = <optimized out>
#13 main (argc=<optimized out>, argv=<optimized out>) at sysdep/unix/main.c:939
use_uid = <optimized out>
use_gid = <optimized out>
conf = <optimized out>
