Bug#751842: rrdtool: *** glibc detected *** invalid read - Due to wrong usage of setlocale() - Patch included

Mon, 16 Jun 2014 23:33:24 -0700 

Package: rrdtool
Version: 1.4.8-3
Severity: important
Tags: upstream l10n patch
X-Debbugs-CC: hek...@hek.uni-karlsruhe.de


Dear Maintainer,

if the environment is set to use a different locale than "C", rrdtool
and rrdlib might crash with a memory corruption (worst case) or simple
misinterpret numbers (best case). The problem is the following code

(1) old_locale = set_locale( LC_NUMERIC, NULL );
(2) set_locale( LC_NUMERIC, "C" );
(3) // do some locale-depedent string-to-double conversion
(4) set_locale( LC_NUMERIC, old_locale );

The problem is that set_locale() returns a pointer to a globally
allocated char* that is freed/re-allocated on every call. Line (4)
causes a memory corruption, because old_locale was assigned in line
(1) but the second call to setlocale at line (2) freed that memory.
Actually line (1) and (2) should be combined into one. This means:

(1) old_locale = set_locale( LC_NUMERIC, "C" );
(2) // ommitted
(3) // do some locale-dependent string-to-double conversion
(4) set_locale( LC_NUMERIC, old_locale );

The bug was already accepted upstream but won't be included in version
1.8. Hence, in the meantime it would be good to have it fixed by
Debian. Patch is included.

Best regards, Matthias

Index: rrdtool-1.4.8/src/rrd_create.c
==============================
=====================================
--- rrdtool-1.4.8.orig/src/rrd_create.c 2014-06-15 23:11:53.143332854 +0200
+++ rrdtool-1.4.8/src/rrd_create.c      2014-06-15 23:15:25.152700210 +0200
@@ -595,8 +595,7 @@
        &(rrd -> ds_def[ds_idx].par[DS_mrhb_cnt].u_cnt),
        minstr,maxstr);
      */
-    old_locale = setlocale(LC_NUMERIC, NULL);
-    setlocale(LC_NUMERIC, "C");
+    old_locale = setlocale(LC_NUMERIC, "C");
     if (sscanf(def, "%lu:%18[^:]:%18[^:]",
                &(rrd->ds_def[ds_idx].par[DS_mrhb_cnt].u_cnt),
                minstr, maxstr) == 3) {
Index: rrdtool-1.4.8/src/rrd_dump.c
===================================================================
--- rrdtool-1.4.8.orig/src/rrd_dump.c   2013-05-23 09:55:07.000000000 +0200
+++ rrdtool-1.4.8/src/rrd_dump.c        2014-06-15 23:16:12.929008536 +0200
@@ -103,9 +103,7 @@
         return (-1);
     }

-    old_locale = setlocale(LC_NUMERIC, NULL);
-    setlocale(LC_NUMERIC, "C");
-
+    old_locale = setlocale(LC_NUMERIC, "C");

     if (opt_header == 1) {
         CB_PUTS("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n");
Index: rrdtool-1.4.8/src/rrd_graph.c
===================================================================
--- rrdtool-1.4.8.orig/src/rrd_graph.c  2014-06-15 23:11:53.287333785 +0200
+++ rrdtool-1.4.8/src/rrd_graph.c       2014-06-15 23:16:56.405289161 +0200
@@ -4012,8 +4012,7 @@
     rrd_graph_init(&im);
     size_t graphfile_len;
     /* a dummy surface so that we can measure text sizes for placements */
-    old_locale = setlocale(LC_NUMERIC, NULL);
-    setlocale(LC_NUMERIC, "C");
+    old_locale = setlocale(LC_NUMERIC, "C");
     rrd_graph_options(argc, argv, &im);
     if (rrd_test_error()) {
         rrd_info_free(im.grinfo);
Index: rrdtool-1.4.8/src/rrd_rpncalc.c
===================================================================
--- rrdtool-1.4.8.orig/src/rrd_rpncalc.c        2013-05-23
09:55:07.000000000 +0200
+++ rrdtool-1.4.8/src/rrd_rpncalc.c     2014-06-15 23:18:59.782070368 +0200
@@ -299,8 +299,7 @@
     char      vname[MAX_VNAME_LEN + 10];
     char     *old_locale;

-    old_locale = setlocale(LC_NUMERIC, NULL);
-    setlocale(LC_NUMERIC, "C");
+    old_locale = setlocale(LC_NUMERIC, "C");

     rpnp = NULL;
     expr = (char *) expr_const;
Index: rrdtool-1.4.8/src/rrd_tool.c
===================================================================
--- rrdtool-1.4.8.orig/src/rrd_tool.c   2014-06-15 23:11:53.263333630 +0200
@@ -732,8 +732,7 @@
         if (rrd_xport
             (argc - 1, &argv[1], &xxsize, &start, &end, &step, &col_cnt,
              &legend_v, &data) == 0) {
-            char *old_locale = setlocale(LC_NUMERIC,NULL);
-            setlocale(LC_NUMERIC, "C");
+            char *old_locale = setlocale(LC_NUMERIC, "C");
             row_cnt = (end - start) / step;
             ptr = data;
             if (json == 0){
Index: rrdtool-1.4.8/src/rrd_tune.c
===================================================================
--- rrdtool-1.4.8.orig/src/rrd_tune.c   2013-05-23 09:55:07.000000000 +0200
+++ rrdtool-1.4.8/src/rrd_tune.c        2014-06-15 23:22:35.135433546 +0200
@@ -126,8 +126,7 @@
         optcnt++;
         switch (opt) {
         case 'h':
-            old_locale = setlocale(LC_NUMERIC, NULL);
-            setlocale(LC_NUMERIC, "C");
+            old_locale = setlocale(LC_NUMERIC, "C");
             if ((matches =
                  sscanf(optarg, DS_NAM_FMT ":%ld", ds_nam,
                         &heartbeat)) != 2) {
@@ -147,8 +146,7 @@
             break;

         case 'i':
-            old_locale = setlocale(LC_NUMERIC, NULL);
-            setlocale(LC_NUMERIC, "C");
+            old_locale = setlocale(LC_NUMERIC, "C");
             if ((matches =
                  sscanf(optarg, DS_NAM_FMT ":%lf", ds_nam, &min)) < 1) {
                 rrd_set_error("invalid arguments for minimum ds value");
@@ -170,8 +168,7 @@
             break;

         case 'a':
-            old_locale = setlocale(LC_NUMERIC, NULL);
-            setlocale(LC_NUMERIC, "C");
+            old_locale = setlocale(LC_NUMERIC, "C");
             if ((matches =
                  sscanf(optarg, DS_NAM_FMT ":%lf", ds_nam, &max)) < 1) {
                 rrd_set_error("invalid arguments for maximum ds value");
Index: rrdtool-1.4.8/src/rrd_update.c
===================================================================
--- rrdtool-1.4.8.orig/src/rrd_update.c 2013-05-23 09:55:07.000000000 +0200
+++ rrdtool-1.4.8/src/rrd_update.c      2014-06-15 23:23:35.623816879 +0200
@@ -970,8 +970,7 @@
         *current_time = tmp_time.tv_sec;
         *current_time_usec = tmp_time.tv_usec;
     } else {
-        old_locale = setlocale(LC_NUMERIC, NULL);
-        setlocale(LC_NUMERIC, "C");
+        old_locale = setlocale(LC_NUMERIC, "C");
         errno = 0;
         tmp = strtod(updvals[0], 0);
         if (errno > 0) {
@@ -1083,8 +1082,7 @@
                 }
                 break;
             case DST_ABSOLUTE:
-                old_locale = setlocale(LC_NUMERIC, NULL);
-                setlocale(LC_NUMERIC, "C");
+                old_locale = setlocale(LC_NUMERIC, "C");
                 errno = 0;
                 pdp_new[ds_idx] = strtod(updvals[ds_idx + 1], &endptr);
                 if (errno > 0) {
@@ -1102,8 +1100,7 @@
                 rate = pdp_new[ds_idx] / interval;
                 break;
             case DST_GAUGE:
-                old_locale = setlocale(LC_NUMERIC, NULL);
-                setlocale(LC_NUMERIC, "C");
+                old_locale = setlocale(LC_NUMERIC, "C");
                 errno = 0;
                 pdp_new[ds_idx] =
                     strtod(updvals[ds_idx + 1], &endptr) * interval;


-- System Information:
Debian Release: 7.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (400,
'testing'), (300, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-0.bpo.1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
(ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rrdtool depends on:
ii  libc6         2.13-38+deb7u1
ii  librrd4       1.4.8-3
ii  libruby1.8    1.8.7.358-7.1+deb7u1
ii  libruby1.9.1  1.9.3.194-8.1+deb7u2

rrdtool recommends no packages.

Versions of packages rrdtool suggests:
ii  librrds-perl  1.4.8-3

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to