I did a little bit of messing around with the package, recompiling it
with DEB_BUILD_OPTIONS="nostrip debug" (just building with nostrip
wasn't enough, but apparently according to policy all packages should be
built with symbols, so the need for "debug" could be a separate bug).

Here's the backtrace:

#0  0x00002aaaab887be0 in strlen () from /lib/libc.so.6
#1  0x00002aaaab855cf5 in vfprintf () from /lib/libc.so.6
#2  0x00002aaaab87ac76 in vsnprintf () from /lib/libc.so.6
#3  0x00002aaaab1cbf08 in snmp_vlog (priority=6, format=0x2aaaaabca984
"%s%s", ap=0x7fffff97d480) at snmp_logging.c:1127
#4  0x00002aaaab1cbfe8 in snmp_log (priority=-16843009,
format=0x2aaaab919a20 "G") at snmp_logging.c:1160
#5  0x00002aaaaabc55f2 in print_handler (pdu=0x57c840,
transport=0x576b20,
handler=0x2aaaaacccdb8) at snmptrapd_handlers.c:651
#6  0x00002aaaaabc6723 in snmp_input (op=-6826816, session=0x51ff60,
reqid=-6826816, pdu=0x57c840, magic=0x576b20) at
snmptrapd_handlers.c:1054
#7  0x00002aaaab1b77d8 in _sess_process_packet (sessp=0x56b910,
sp=0x51ff60,
isp=0x578c90, transport=0x57c840, opaque=0x579630, olength=16,
packetptr=0x57ebe0 "0\202\003V\002\001", length=858) at snmp_api.c:5208
#8  0x00002aaaab1b84e0 in _sess_read (sessp=0x56b910, fdset=0x35a) at
snmp_api.c:5605
#9  0x00002aaaab1b8a29 in snmp_sess_read (sessp=0x56b910,
fdset=0x2aaaab919a20) at snmp_api.c:5624
#10 0x00002aaaab1b7ba3 in snmp_read (fdset=0x7fffff97dc90) at
snmp_api.c:5260
#11 0x0000000000404343 in main (argc=-6824832, argv=0x7fffff97dc90)
at snmptrapd.c:1182

In the snmp_vlog function, if I change "format" to "%d%d", the trap does
get outputted (not sure what it's missing), but if I leave it "%s%s" or
even "%s%d", it fails (so, whatever's in the first varargs option is
failing the strlen check and overrunning).

I tried adding a null terminator to the dynamic buffer (at length),
hoping
that was it, but that didn't make any difference (still crashed).

C coding isn't my day job, so I'm a little out of my league, but if
there's any debugging I can do to help (aside from remote access to a
system :P), let me know.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to