found the bug: it's a buffer overflow in rrd_set_error. the static
buffer lengths are initialised the wrong way round, so vsnprintf
(securely! :-p ) writes 4096 bytes into a 256 byte buffer, screwing up
the pointers in struct global_ctx. cue segfault.
a patch against 1.2.15 is attached, and i'm about to notify upstream.
--matt
--
Matthew Boyle
Junior Systems Administrator
DecisionSoft Limited http://www.decisionsoft.com
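The wrong-way-round pairing described in the report, as an added example that is not rrdtool's code and not part of the report: a constructed context struct initialised positionally so that the 4096-byte length lands on the 256-byte buffer, beside the same struct built with designated initialisers, plus a consistency check that a vsnprintf wrapper consults before it writes. The struct layout, the names (`err_ctx`, `ctx_lengths_consistent`, `ctx_set_error`) and the buffer sizes are this example's own assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for rrdtool's error context (not its real layout):
 * each pointer is meant to travel with the capacity of its buffer. */
struct err_ctx {
    size_t len;        /* capacity the writer trusts for rrd_error */
    size_t errlen;     /* capacity the writer trusts for lib_errstr */
    char *lib_errstr;
    char *rrd_error;
};
static char rrd_error_buf[4096];
static char rrd_liberror_buf[256];

/* Bug shape from the report: a positional initialiser lists the pointers in
 * the wrong order, so len=4096 ends up attached to the 256-byte buffer. */
static struct err_ctx bad_ctx = {
    sizeof(rrd_error_buf), sizeof(rrd_liberror_buf),
    rrd_error_buf, rrd_liberror_buf,
};
/* Fixed shape: designated initialisers tie each length to its buffer, so
 * field order in the struct can no longer silently swap them. */
static struct err_ctx good_ctx = {
    .len = sizeof(rrd_error_buf), .rrd_error = rrd_error_buf,
    .errlen = sizeof(rrd_liberror_buf), .lib_errstr = rrd_liberror_buf,
};

/* 1 if every pointer carries the capacity of the static array it points to. */
int ctx_lengths_consistent(const struct err_ctx *c) {
    int rrd_ok = (c->rrd_error == rrd_error_buf && c->len == sizeof(rrd_error_buf))
              || (c->rrd_error == rrd_liberror_buf && c->len == sizeof(rrd_liberror_buf));
    int lib_ok = (c->lib_errstr == rrd_error_buf && c->errlen == sizeof(rrd_error_buf))
              || (c->lib_errstr == rrd_liberror_buf && c->errlen == sizeof(rrd_liberror_buf));
    return rrd_ok && lib_ok;
}

/* vsnprintf into the context's error buffer, as rrd_set_error does, but only
 * after the check above; returns the stored length, or 0 when it refused. */
size_t ctx_set_error(struct err_ctx *c, const char *fmt, ...) {
    va_list ap;
    if (!ctx_lengths_consistent(c))
        return 0;
    va_start(ap, fmt);
    vsnprintf(c->rrd_error, c->len, fmt, ap);
    va_end(ap);
    return strlen(c->rrd_error);
}
```

With the consistent context a 4999-character message is truncated to 4095 characters and the 256-byte buffer is left untouched; with the swapped one the wrapper refuses to write at all.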
--- rrdtool-1.2.15/src/rrd_not_thread_safe.c 2006-07-14 13:11:26.000000000 +0100
+++ rrdtool-1.2.15-modified/src/rrd_not_thread_safe.c 2008-04-09 19:51:14.415714985 +0100
@@ -22,8 +22,8 @@
static struct rrd_context global_ctx = {
sizeof(rrd_error),
sizeof(rrd_liberror),
- rrd_error,
rrd_liberror
+ rrd_error,
};
#include <stdarg.h>
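Review bot: as shown, the hunk deletes `rrd_error,` above the unchanged `rrd_liberror` context line and re-adds it below, which leaves `rrd_liberror` with no comma before the new `rrd_error,` line, so the initialiser cannot compile unless that context line already carried one; the swap needs both pointer lines changed, i.e. remove `rrd_error,` and `rrd_liberror` and add `rrd_liberror,` followed by `rrd_error`. Since the two `sizeof(...)` length members stay where they are while only the pointers move, consider designated initialisers that name each field next to its length, so that a future reordering of the struct members cannot silently recreate the 4096-into-256 overflow the message describes.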