[BUG] stack smashing in mrt_open_file & tm_format_real_time
Wydrych, Piotr
pwydrych at akamai.com
Mon Apr 12 08:03:10 CEST 2021
Hello,

I think I found a bug in mrt_open_file & tm_format_real_time. On some of
my systems, mrt dump crashes if the filename pattern is longer than 42B.
The daemon dies with "*** stack smashing detected ***: <unknown> terminated"
and no other failure messages are displayed.

I'm attaching gdb's bt full.

I took a look at the code and I found something that worries me. First,
mrt_open_file uses 4kB buffers for the path pattern and final name while
tm_format_real_time uses only a 32B buffer for the pattern. Second, in the
call to strfusec, it specifies the 32B buffer and the length of the output
buffer. But please take my findings with a grain of salt, I'm not a C expert :-)

Could you please verify that?

Thanks,
Piotr
--
Piotr 'GhosT' Wydrych ........ Engineering Manager, SDN ......... Akamai
........................................................................
A: Because it messes up the order in which people normally read text. ..
Q: Why is top-posting such a bad thing? ................................
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: stack_smashing_bug.txt
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20210412/40f4c98c/attachment.txt>
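
The size mismatch described in the report, as an added example that is not part of the original message and is not BIRD's code: a 32-byte intermediate buffer must be bounded by its own size, not by the length of the caller's 4 kB output buffer. The names format_time_checked, copy_pattern and TMP_PATTERN_SIZE are hypothetical, and copy_pattern is only a stand-in for the intermediate formatting step.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define TMP_PATTERN_SIZE 32   /* small intermediate buffer, as in the report */

/* Hypothetical stand-in for the intermediate formatting step: copies the
 * pattern into dst, writing at most dst_len bytes including the NUL.
 * Returns 0 if the pattern does not fit. */
static int copy_pattern(char *dst, size_t dst_len, const char *pattern)
{
    size_t n = strlen(pattern);
    if (n >= dst_len)
        return 0;
    memcpy(dst, pattern, n + 1);
    return 1;
}

/* Formats tm into out (out_len bytes) according to pattern.
 * Returns 1 on success, 0 if the pattern or the result does not fit. */
int format_time_checked(char *out, size_t out_len, const char *pattern,
                        const struct tm *tm)
{
    char tmp[TMP_PATTERN_SIZE];

    /* Mismatched bound (the pattern the report describes): passing out_len
     * here would let a caller with a 4 kB buffer write up to 4 kB into the
     * 32-byte tmp:
     *     copy_pattern(tmp, out_len, pattern);
     * The bound must describe the buffer actually being written. */
    if (!copy_pattern(tmp, sizeof(tmp), pattern))
        return 0;

    /* strftime() returns 0 when the result does not fit in out_len. */
    if (strftime(out, out_len, tmp, tm) == 0)
        return 0;
    return 1;
}

int main(void)
{
    char name[4096];                       /* caller-side 4 kB buffer */
    struct tm tm = {0};
    tm.tm_year = 121; tm.tm_mon = 3; tm.tm_mday = 12;   /* constructed date */

    const char *longpat = "/constructed/path/longer-than-32-bytes/%Y%m%d.mrt";
    printf("short: %d\n", format_time_checked(name, sizeof(name), "%Y%m%d.mrt", &tm));
    printf("long:  %d\n", format_time_checked(name, sizeof(name), longpat, &tm));
    return 0;
}
```

With the bound tied to sizeof(tmp), an over-long pattern is rejected with a return value the caller can log, instead of terminating the process when the stack protector fires.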