Package: sysstat Version: 9.0.1-1 Severity: normal
Hi, I've started experiencing this bug after replacing my desktop machine. Rebuilding sysstat with "nostrip" and running it under valgrind shows that this is a buffer overflow: ==26846== Memcheck, a memory error detector. ==26846== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al. ==26846== Using LibVEX rev 1884, a library for dynamic binary translation. ==26846== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP. ==26846== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework. ==26846== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al. ==26846== ==26846== My PID = 26846, parent PID = 26845. Prog and args are: ==26846== /tmp/t/sysstat-9.0.1/sadc ==26846== -F ==26846== -L ==26846== -S ==26846== DISK ==26846== 1 ==26846== 1 ==26846== - ==26846== --26846-- --26846-- Command line --26846-- /tmp/t/sysstat-9.0.1/sadc --26846-- -F --26846-- -L --26846-- -S --26846-- DISK --26846-- 1 --26846-- 1 --26846-- - --26846-- Startup, with flags: --26846-- --suppressions=/usr/lib/valgrind/debian-libc6-dbg.supp --26846-- --tool=memcheck --26846-- --log-file=/tmp/valgrind.%p --26846-- -v --26846-- --num-callers=25 --26846-- --leak-check=yes --26846-- --show-reachable=yes --26846-- --partial-loads-ok=yes --26846-- --leak-resolution=high --26846-- --trace-children=yes --26846-- Contents of /proc/version: --26846-- Linux version 2.6.29.1 (gomb...@boogie) (gcc version 4.3.3 (Debian 4.3.3-5) ) #7 SMP PREEMPT Tue Apr 14 17:16:20 CEST 2009 --26846-- Arch and hwcaps: AMD64, amd64-sse2 --26846-- Page sizes: currently 4096, max supported 4096 --26846-- Valgrind library directory: /usr/lib/valgrind --26846-- Reading syms from /tmp/t/sysstat-9.0.1/sadc (0x400000) --26846-- Reading syms from /lib/ld-2.9.so (0x4000000) --26846-- Reading debug info from /lib/ld-2.9.so .. --26846-- .. CRC mismatch (computed e7024009 wanted 3ae006f5) --26846-- object doesn't have a symbol table --26846-- Reading syms from /usr/lib/valgrind/amd64-linux/memcheck (0x38000000) --26846-- object doesn't have a dynamic symbol table --26846-- Reading suppressions file: /usr/lib/valgrind/debian-libc6-dbg.supp --26846-- Reading suppressions file: /usr/lib/valgrind/default.supp --26846-- Reading syms from /usr/lib/valgrind/amd64-linux/vgpreload_core.so (0x4a1e000) --26846-- Reading syms from /usr/lib/valgrind/amd64-linux/vgpreload_memcheck.so (0x4c1f000) --26846-- Reading syms from /lib/libc-2.9.so (0x4e27000) --26846-- Reading debug info from /lib/libc-2.9.so .. --26846-- .. CRC mismatch (computed e270479d wanted c78f28b2) --26846-- object doesn't have a symbol table --26846-- REDIR: 0x4ea1190 (rindex) redirected to 0x4c23c70 (rindex) --26846-- REDIR: 0x4ea07c0 (strcmp) redirected to 0x4c24370 (strcmp) --26846-- REDIR: 0x4ea0d50 (strlen) redirected to 0x4c24090 (strlen) --26846-- REDIR: 0x4ea0ff0 (strncmp) redirected to 0x4c242f0 (strncmp) --26846-- REDIR: 0x4e9ac80 (free) redirected to 0x4c22550 (free) --26846-- REDIR: 0x4e9d840 (malloc) redirected to 0x4c23850 (malloc) --26846-- REDIR: 0x4ea3ed0 (memcpy) redirected to 0x4c244e0 (memcpy) --26846-- REDIR: 0xffffffffff600400 (???) redirected to 0x3803e26d (vgPlain_amd64_linux_REDIR_FOR_vtime) --26846-- REDIR: 0x4ea0800 (strcpy) redirected to 0x4c240f0 (strcpy) --26846-- REDIR: 0x4ea6930 (strchrnul) redirected to 0x4c24fe0 (strchrnul) --26846-- REDIR: 0x4ea28b0 (memmove) redirected to 0x4c24f80 (memmove) --26846-- REDIR: 0x4ea3590 (mempcpy) redirected to 0x4c25040 (mempcpy) --26846-- REDIR: 0x4e9dd30 (realloc) redirected to 0x4c23970 (realloc) --26846-- REDIR: 0x4ea2a60 (memset) redirected to 0x4c24f10 (memset) --26846-- REDIR: 0x4ea2210 (memchr) redirected to 0x4c24490 (memchr) --26846-- REDIR: 0x4ea6810 (rawmemchr) redirected to 0x4c25020 (rawmemchr) --26846-- REDIR: 0x4ea0610 (index) redirected to 0x4c23d90 (index) ==26846== Invalid write of size 1 ==26846== at 0x4C24F52: memset (mc_replace_strmem.c:493) ==26846== by 0x401A8A: reset_stats (sadc.c:210) ==26846== by 0x4027A4: rw_sa_stat_loop (sadc.c:817) ==26846== by 0x402B7D: main (sadc.c:1083) ==26846== Address 0x517dcc0 is 0 bytes after a block of size 352 alloc'd ==26846== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==26846== by 0x4C23AA7: realloc (vg_replace_malloc.c:429) ==26846== by 0x4019E2: sa_sys_init (sadc.c:235) ==26846== by 0x402B26: main (sadc.c:1043) ==26846== ==26846== Invalid write of size 1 ==26846== at 0x4C24F3C: memset (mc_replace_strmem.c:493) ==26846== by 0x401A8A: reset_stats (sadc.c:210) ==26846== by 0x4027A4: rw_sa_stat_loop (sadc.c:817) ==26846== by 0x402B7D: main (sadc.c:1083) ==26846== Address 0x517dcc1 is 1 bytes after a block of size 352 alloc'd ==26846== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==26846== by 0x4C23AA7: realloc (vg_replace_malloc.c:429) ==26846== by 0x4019E2: sa_sys_init (sadc.c:235) ==26846== by 0x402B26: main (sadc.c:1043) ==26846== ==26846== Invalid write of size 1 ==26846== at 0x4C24F41: memset (mc_replace_strmem.c:493) ==26846== by 0x401A8A: reset_stats (sadc.c:210) ==26846== by 0x4027A4: rw_sa_stat_loop (sadc.c:817) ==26846== by 0x402B7D: main (sadc.c:1083) ==26846== Address 0x517dcc2 is 2 bytes after a block of size 352 alloc'd ==26846== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==26846== by 0x4C23AA7: realloc (vg_replace_malloc.c:429) ==26846== by 0x4019E2: sa_sys_init (sadc.c:235) ==26846== by 0x402B26: main (sadc.c:1043) ==26846== ==26846== Invalid write of size 1 ==26846== at 0x4C24F46: memset (mc_replace_strmem.c:493) ==26846== by 0x401A8A: reset_stats (sadc.c:210) ==26846== by 0x4027A4: rw_sa_stat_loop (sadc.c:817) ==26846== by 0x402B7D: main (sadc.c:1083) ==26846== Address 0x517dcc3 is 3 bytes after a block of size 352 alloc'd ==26846== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==26846== by 0x4C23AA7: realloc (vg_replace_malloc.c:429) ==26846== by 0x4019E2: sa_sys_init (sadc.c:235) ==26846== by 0x402B26: main (sadc.c:1043) ==26846== ==26846== Invalid write of size 1 ==26846== at 0x4C24F38: memset (mc_replace_strmem.c:493) ==26846== by 0x401A8A: reset_stats (sadc.c:210) ==26846== by 0x4027A4: rw_sa_stat_loop (sadc.c:817) ==26846== by 0x402B7D: main (sadc.c:1083) ==26846== Address 0x517dcc4 is 4 bytes after a block of size 352 alloc'd ==26846== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==26846== by 0x4C23AA7: realloc (vg_replace_malloc.c:429) ==26846== by 0x4019E2: sa_sys_init (sadc.c:235) ==26846== by 0x402B26: main (sadc.c:1043) --26846-- REDIR: 0x4ea10c0 (strncpy) redirected to 0x4c241c0 (strncpy) ==26846== ==26846== Syscall param write(buf) points to unaddressable byte(s) ==26846== at 0x4EE8F30: write (in /lib/libc-2.9.so) ==26846== by 0x401F54: write_all (sadc.c:287) ==26846== by 0x40201F: write_stats (sadc.c:556) ==26846== by 0x402914: rw_sa_stat_loop (sadc.c:846) ==26846== by 0x402B7D: main (sadc.c:1083) ==26846== Address 0x517dcc0 is 0 bytes after a block of size 352 alloc'd ==26846== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==26846== by 0x4C23AA7: realloc (vg_replace_malloc.c:429) ==26846== by 0x4019E2: sa_sys_init (sadc.c:235) ==26846== by 0x402B26: main (sadc.c:1043) ==26846== ==26846== ERROR SUMMARY: 65 errors from 6 contexts (suppressed: 8 from 1) ==26846== ==26846== 1 errors in context 1 of 6: ==26846== Syscall param write(buf) points to unaddressable byte(s) ==26846== at 0x4EE8F30: write (in /lib/libc-2.9.so) ==26846== by 0x401F54: write_all (sadc.c:287) ==26846== by 0x40201F: write_stats (sadc.c:556) ==26846== by 0x402914: rw_sa_stat_loop (sadc.c:846) ==26846== by 0x402B7D: main (sadc.c:1083) ==26846== Address 0x517dcc0 is 0 bytes after a block of size 352 alloc'd ==26846== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==26846== by 0x4C23AA7: realloc (vg_replace_malloc.c:429) ==26846== by 0x4019E2: sa_sys_init (sadc.c:235) ==26846== by 0x402B26: main (sadc.c:1043) ==26846== ==26846== 8 errors in context 2 of 6: ==26846== Invalid write of size 1 ==26846== at 0x4C24F38: memset (mc_replace_strmem.c:493) ==26846== by 0x401A8A: reset_stats (sadc.c:210) ==26846== by 0x4027A4: rw_sa_stat_loop (sadc.c:817) ==26846== by 0x402B7D: main (sadc.c:1083) ==26846== Address 0x517dcc4 is 4 bytes after a block of size 352 alloc'd ==26846== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==26846== by 0x4C23AA7: realloc (vg_replace_malloc.c:429) ==26846== by 0x4019E2: sa_sys_init (sadc.c:235) ==26846== by 0x402B26: main (sadc.c:1043) ==26846== ==26846== 8 errors in context 3 of 6: ==26846== Invalid write of size 1 ==26846== at 0x4C24F52: memset (mc_replace_strmem.c:493) ==26846== by 0x401A8A: reset_stats (sadc.c:210) ==26846== by 0x4027A4: rw_sa_stat_loop (sadc.c:817) ==26846== by 0x402B7D: main (sadc.c:1083) ==26846== Address 0x517dcc0 is 0 bytes after a block of size 352 alloc'd ==26846== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==26846== by 0x4C23AA7: realloc (vg_replace_malloc.c:429) ==26846== by 0x4019E2: sa_sys_init (sadc.c:235) ==26846== by 0x402B26: main (sadc.c:1043) ==26846== ==26846== 16 errors in context 4 of 6: ==26846== Invalid write of size 1 ==26846== at 0x4C24F46: memset (mc_replace_strmem.c:493) ==26846== by 0x401A8A: reset_stats (sadc.c:210) ==26846== by 0x4027A4: rw_sa_stat_loop (sadc.c:817) ==26846== by 0x402B7D: main (sadc.c:1083) ==26846== Address 0x517dcc3 is 3 bytes after a block of size 352 alloc'd ==26846== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==26846== by 0x4C23AA7: realloc (vg_replace_malloc.c:429) ==26846== by 0x4019E2: sa_sys_init (sadc.c:235) ==26846== by 0x402B26: main (sadc.c:1043) ==26846== ==26846== 16 errors in context 5 of 6: ==26846== Invalid write of size 1 ==26846== at 0x4C24F41: memset (mc_replace_strmem.c:493) ==26846== by 0x401A8A: reset_stats (sadc.c:210) ==26846== by 0x4027A4: rw_sa_stat_loop (sadc.c:817) ==26846== by 0x402B7D: main (sadc.c:1083) ==26846== Address 0x517dcc2 is 2 bytes after a block of size 352 alloc'd ==26846== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==26846== by 0x4C23AA7: realloc (vg_replace_malloc.c:429) ==26846== by 0x4019E2: sa_sys_init (sadc.c:235) ==26846== by 0x402B26: main (sadc.c:1043) ==26846== ==26846== 16 errors in context 6 of 6: ==26846== Invalid write of size 1 ==26846== at 0x4C24F3C: memset (mc_replace_strmem.c:493) ==26846== by 0x401A8A: reset_stats (sadc.c:210) ==26846== by 0x4027A4: rw_sa_stat_loop (sadc.c:817) ==26846== by 0x402B7D: main (sadc.c:1083) ==26846== Address 0x517dcc1 is 1 bytes after a block of size 352 alloc'd ==26846== at 0x4C2391E: malloc (vg_replace_malloc.c:207) ==26846== by 0x4C23AA7: realloc (vg_replace_malloc.c:429) ==26846== by 0x4019E2: sa_sys_init (sadc.c:235) ==26846== by 0x402B26: main (sadc.c:1043) --26846-- --26846-- supp: 8 Debian libc6 (2.9.x) stripped dynamic linker ==26846== ==26846== IN SUMMARY: 65 errors from 6 contexts (suppressed: 8 from 1) ==26846== ==26846== malloc/free: in use at exit: 0 bytes in 0 blocks. ==26846== malloc/free: 62 allocs, 62 frees, 25,989 bytes allocated. ==26846== ==26846== All heap blocks were freed -- no leaks are possible. --26846-- memcheck: sanity checks: 1 cheap, 2 expensive --26846-- memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use --26846-- memcheck: auxmaps_L1: 0 searches, 0 cmps, ratio 0:10 --26846-- memcheck: auxmaps_L2: 0 searches, 0 nodes --26846-- memcheck: SMs: n_issued = 15 (240k, 0M) --26846-- memcheck: SMs: n_deissued = 0 (0k, 0M) --26846-- memcheck: SMs: max_noaccess = 524287 (8388592k, 8191M) --26846-- memcheck: SMs: max_undefined = 0 (0k, 0M) --26846-- memcheck: SMs: max_defined = 117 (1872k, 1M) --26846-- memcheck: SMs: max_non_DSM = 15 (240k, 0M) --26846-- memcheck: max sec V bit nodes: 0 (0k, 0M) --26846-- memcheck: set_sec_vbits8 calls: 0 (new: 0, updates: 0) --26846-- memcheck: max shadow mem size: 4384k, 4M --26846-- translate: fast SP updates identified: 2,499 ( 86.7%) --26846-- translate: generic_known SP updates identified: 288 ( 9.9%) --26846-- translate: generic_unknown SP updates identified: 94 ( 3.2%) --26846-- tt/tc: 6,980 tt lookups requiring 7,185 probes --26846-- tt/tc: 6,980 fast-cache updates, 2 flushes --26846-- transtab: new 3,401 (76,644 -> 1,235,585; ratio 161:10) [0 scs] --26846-- transtab: dumped 0 (0 -> ??) --26846-- transtab: discarded 0 (0 -> ??) --26846-- scheduler: 182,445 jumps (bb entries). --26846-- scheduler: 1/4,011 major/minor sched events. --26846-- sanity: 2 cheap, 2 expensive checks. --26846-- exectx: 769 lists, 385 contexts (avg 0 per list) --26846-- exectx: 580 searches, 290 full compares (500 per 1000) --26846-- exectx: 0 cmp2, 288 cmp4, 0 cmpAll --26846-- errormgr: 14 supplist searches, 1,004 comparisons during search --26846-- errormgr: 73 errlist searches, 341 comparisons during search Gabor -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (110, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.29.1 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages sysstat depends on: ii bzip2 1.0.5-1 high-quality block-sorting file co ii debconf [debconf-2.0] 1.5.26 Debian configuration management sy ii libc6 2.9-7 GNU C Library: Shared libraries ii lsb-base 3.2-22 Linux Standard Base 3.2 init scrip ii ucf 3.0018 Update Configuration File: preserv Versions of packages sysstat recommends: ii cron 3.0pl1-105 management of regular background p Versions of packages sysstat suggests: pn isag <none> (no description available) -- debconf information: sysstat/enable: true sysstat/remove_files: true -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
