Package: amanda-server Version: 2.4.5-2 Severity: normal Hi,
I ran into this problem a few days ago... ] s10:~# su backup -c "/usr/sbin/amadmin user due" ] Segmentation fault ... had a look through the source code, and found this... ] (server-src/infofile.h) ] 42 #define NB_HISTORY 100 ] [...] ] 69 typedef struct info_s { ] 70 unsigned int command; /* command word */ ] 71 # define NO_COMMAND 0 /* no outstanding commands */ ] 72 # define FORCE_FULL 1 /* force level 0 at next run */ ] 73 # define FORCE_BUMP 2 /* force bump at next run */ ] 74 # define FORCE_NO_BUMP 4 /* force no-bump at next run */ ] 75 perf_t full; ] 76 perf_t incr; ] 77 stats_t inf[DUMP_LEVELS]; ] 78 int last_level, consecutive_runs; ] 79 history_t history[NB_HISTORY+1]; ] 80 } info_t; ... and this: ] (server-src/infofile.c) ] 277 for(i=0;i<=NB_HISTORY+1;i++) { ] 278 info->history[i].level = -2; ] 279 } This for loop makes one step too much. (There's even another similar loop in infofile.c, there they're doing it right). This overwrites another variable that happens to have been laid out in memory after info... ] (gdb) bt ] #0 0xb7fa40ed in debug_agets () from /usr/lib/libamanda-2.4.5.so ] #1 0xb7fdaa2f in read_txinfofile () from /usr/lib/libamserver-2.4.5.so ] #2 0xb7fdba4a in get_info () from /usr/lib/libamserver-2.4.5.so ] #3 0x0804af99 in due_one (dp=0x8053840) at amadmin.c:716 ] #4 0x0804b10a in due (argc=3, argv=0xbffffdb4) at amadmin.c:748 ] #5 0x08049c10 in main (argc=3, argv=0xbffffdb4) at amadmin.c:169 ] (gdb) c ] Continuing. ] Hardware watchpoint 4: hp ] ] Old value = (am_host_t *) 0x8054200 ] New value = (am_host_t *) 0xfffffffe ] 0xb7fdaaf6 in read_txinfofile () from /usr/lib/libamserver-2.4.5.so ] (gdb) bt ] #0 0xb7fdaaf6 in read_txinfofile () from /usr/lib/libamserver-2.4.5.so ] #1 0xb7fdba4a in get_info () from /usr/lib/libamserver-2.4.5.so ] #2 0x0804af99 in due_one (dp=0x8053840) at amadmin.c:716 ] #3 0x0804b10a in due (argc=3, argv=0xbffffdb4) at amadmin.c:748 ] #4 0x08049c10 in main (argc=3, argv=0xbffffdb4) at amadmin.c:169 ] (gdb) ... which finally causes the segfault. ] (gdb) c ] Continuing. ] ] Program received signal SIGSEGV, Segmentation fault. ] 0x0804afed in due_one (dp=0x8053840) at amadmin.c:722 ] 722 printf("Overdue %2d day%s %s:%s\n", ] 723 -days, (-days == 1) ? ": " : "s:", ] 724 hp->hostname, dp->name); ] (gdb) bt ] #0 0x0804afed in due_one (dp=0x8053840) at amadmin.c:722 ] #1 0x0804b10a in due (argc=3, argv=0xbffffdb4) at amadmin.c:748 ] #2 0x08049c10 in main (argc=3, argv=0xbffffdb4) at amadmin.c:169 ] (gdb) (One-liner-)Patch attached. ;) Regards, Jan -- Jan C. Nordholz <jckn At gmx net>
--- amanda-2.4.5/server-src/infofile.c 2005-11-17 12:10:18.000000000 +0100 +++ amanda-2.4.5_new/server-src/infofile.c 2005-11-17 12:13:54.000000000 +0100 @@ -274,7 +274,7 @@ rc = 0; nb_history = 0; - for(i=0;i<=NB_HISTORY+1;i++) { + for(i=0;i<=NB_HISTORY;i++) { info->history[i].level = -2; } for(rc = -2; (line = agets(infof)) != NULL; free(line)) {