From the stack trace the culprit is:
    char cnt[40];
    sprintf(cnt, " mismatches found: %d (on raid level %d)",
            sra->mismatch_cnt, array.level);
    alert("RebuildFinished", dev, cnt, ainfo);
If mismatch_cnt > 99, then the buffer will overflow. In the crash
report, it looks like the submitter had 1536 in mismatch_cnt.
It looks like this has already been fixed in Quantal, which now has:
    char cnt[80];
    snprintf(cnt, sizeof(cnt),
             " mismatches found: %d (on raid level %d)",
             sra->mismatch_cnt, array.level);
    alert("RebuildFinished", dev, cnt, ainfo);
Lucid, Natty and Oneiric use a shorter format string, so I don't think
this bug exists there. So Precise is the only version affected.
Marking this as Fix Released as it is fixed in Quantal, and nominating
Precise.
** Changed in: mdadm (Ubuntu)
       Status: Confirmed => Fix Released
https://bugs.launchpad.net/bugs/946758
Title:
Format string overflow in Monitor.c:check_array
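To make the length arithmetic in the analysis above concrete, here is an added C example (not code from mdadm or from the comment) that measures how many bytes the Monitor.c format string needs for given values and shows the bounded snprintf() form truncating instead of overflowing. The RAID level 5 is an assumed value; the report only gives the mismatch count.

```c
#include <stdio.h>
#include <string.h>

/* The format string from Monitor.c:check_array; its fixed text alone is 36
 * characters, so the total grows with the digits of both %d arguments. */
#define MISMATCH_FMT " mismatches found: %d (on raid level %d)"

/* Bytes the formatted message needs, NUL terminator included;
 * snprintf(NULL, 0, ...) measures without writing anywhere. */
size_t needed_len(int mismatch_cnt, int level) {
    return (size_t)snprintf(NULL, 0, MISMATCH_FMT, mismatch_cnt, level) + 1;
}

/* 1 if the unbounded sprintf() into a bufsize-byte buffer would write past
 * its end for these values, 0 otherwise. */
int would_overflow(size_t bufsize, int mismatch_cnt, int level) {
    return needed_len(mismatch_cnt, level) > bufsize;
}

/* The corrected form: snprintf() bounded by the buffer size. Returns the
 * number of characters stored; the message is cut short when the buffer is
 * too small, but memory past the buffer is never touched. */
size_t format_bounded(char *buf, size_t bufsize, int mismatch_cnt, int level) {
    if (bufsize == 0)
        return 0;
    snprintf(buf, bufsize, MISMATCH_FMT, mismatch_cnt, level);
    return strlen(buf);
}

/* Experiment helper: format into a scratch buffer of the requested size
 * (capped at 80, the size used in the fixed code) and report what survives. */
size_t stored_len(size_t bufsize, int mismatch_cnt, int level) {
    char scratch[80] = {0};
    if (bufsize > sizeof scratch)
        bufsize = sizeof scratch;
    return format_bounded(scratch, bufsize, mismatch_cnt, level);
}

int main(void) {
    /* Constructed values: the report's 1536 mismatches, assumed RAID level 5 */
    int cnt = 1536, level = 5;
    printf("needed: %zu bytes; old 40-byte buffer overflows: %s\n",
           needed_len(cnt, level), would_overflow(40, cnt, level) ? "yes" : "no");
    printf("stored in 40 bytes: %zu chars; in 80 bytes: %zu chars\n",
           stored_len(40, cnt, level), stored_len(80, cnt, level));
    return 0;
}
```

With a single-digit level the 40-byte buffer holds counts up to 99 exactly and overflows from 100 on, matching the threshold given in the comment.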