[dev.icinga.com #1673] Segmentation fault on status.cgi?host=all under Debian Squeeze64 bit Icinga 1.4.0|1

[icinga-migration]

This issue has been migrated from Redmine: https://dev.icinga.com/issues/1673

Created by denny on 2011-06-23 08:56:15 +00:00

Assignee: (none)
Status: Resolved (closed on 2011-06-28 01:28:16 +00:00)
Target Version: 1.4.2
Last Update: 2014-12-08 09:42:16 +00:00 (in Redmine)

Icinga Version: 1.10.0
OS Version: any

---

hi,

I get since yesterday at 2pm a segmentation fault, if I call the status.cgi with host=all

• System: Debian Squeeze
• Kernel : 2.6.32-5-amd64
• ./configure: --with-command-group=icinga-cmd --with-icinga-group=icinga --enable-idoutils --enable-ssl --prefix=/usr/local/icinga --with-icinga-user=icinga -with-httpd-conf=/etc/apache2/conf.d/
• Icinga Version: 1.4.0 and after I saw the error: 1.4.1
• Browser: all (Firefox/Safari/bash)

Icinga 1.4.0 was running a long time and everything works, as I expected. I didn't change anything (no Debian Updates, nor config files). From one moment, to another moment.

All other search Strings are OK (as I checked), only host=all generates the problem.

export REQUEST_METHOD='GET'
export REMOTE_USER='denny'
export QUERY_STRING='host=all'

cacti:/usr/local/icinga/sbin# gdb ./status.cgi 
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /usr/local/icinga/sbin/status.cgi...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/local/icinga/sbin/status.cgi 
Cache-Control: no-store
Pragma: no-cache
Refresh: 90
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-type: text/html; charset="utf-8"






Current Network Status















<!-- SkinnyTip (c) Elliott Brueggeman -->







Current Network Status
Last Updated: Thu Jun 23 10:29:14 CEST 2011
Updated every 90 seconds [pause]
Icinga 1.4.1 - www.icinga.org
(Credits to: Nagios® - www.nagios.org)Logged in as denny




Host Status Totals




Up
Down
Unreachable
Pending


46
2
0
0





All Problems
All Types

2
48






Service Status Totals




Ok
Warning
Unknown
Critical
Pending


196
1
0
2
0





All Problems
All Types

3
199















View History For all hosts
View Notifications For All Hosts
View Host Status Detail For All Hosts




Commands for checked services
Select commandAdd a Comment to Checked Service(s)Disable Active Checks Of Checked Service(s)Enable Active Checks Of Checked Service(s)Re-schedule Next Service CheckSubmit Passive Check Result For Checked Service(s)Stop Accepting Passive Checks For Checked Service(s)Start Accepting Passive Checks For Checked Service(s)Stop Obsessing Over Checked Service(s)Start Obsessing Over Checked Service(s)Acknowledge Checked Service(s) ProblemRemove Problem Acknowledgement for Checked Service(s)Disable Notifications For Checked Service(s)Enable Notifications For Checked Service(s)Send Custom Notification For Checked Service(s)Delay Next Notification For Checked Service(s)Schedule Downtime For Checked Service(s)Disable Event Handler For Checked Service(s)Enable Event Handler For Checked Service(s)Disable Flap Detection For Checked Service(s)Enable Flap Detection For Checked Service(s)




Program received signal SIGSEGV, Segmentation fault.
0x00007ffff758f382 in ?? () from /lib/libc.so.6

Changesets

2011-06-27 21:19:08 +00:00 by ricardo 31a88a0

fixed: plugin_output_short didn't get checked properly and caused segfault in status.cgi #1673

fixes: #1673

when proccesing plugin_output_short, didn't get checked if it's NULL or not.

2011-06-28 07:11:42 +00:00 by ricardo 4c57eb6

fixed: plugin_output_short didn't get checked properly and caused segfault in status.cgi #1673

fixes: #1673

when proccesing plugin_output_short, didn't get checked if it's NULL or not.

[icinga-migration]

Updated by ricardo on 2011-06-25 20:52:12 +00:00

Hi,

seems like you compile from source. can you execute status.cgi with gdb in the source dir? Then it's unstripped and we might get some more information.

Thanks

[icinga-migration]

Updated by ricardo on 2011-06-25 20:52:33 +00:00

• Status changed from New to Feedback

[icinga-migration]

Updated by denny on 2011-06-26 14:23:09 +00:00

hi,

ricardo wrote:

seems like you compile from source. can you execute status.cgi with gdb in the source dir? Then it's unstripped and we might get some more information.

here we are:

gdb cgi/status.cgi 
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /usr/local/icinga/src/icinga-1.4.1/cgi/status.cgi...done.
(gdb) run
Starting program: /usr/local/icinga/src/icinga-1.4.1/cgi/status.cgi 
Cache-Control: no-store
Pragma: no-cache
Refresh: 90
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-type: text/html; charset="utf-8"






Current Network Status















<!-- SkinnyTip (c) Elliott Brueggeman -->







Current Network Status
Last Updated: Sun Jun 26 14:41:04 CEST 2011
Updated every 90 seconds [pause]
Icinga 1.4.1 - www.icinga.org
(Credits to: Nagios® - www.nagios.org)Logged in as denny




Host Status Totals




Up
Down
Unreachable
Pending


48
0
0
0





All Problems
All Types

0
48






Service Status Totals




Ok
Warning
Unknown
Critical
Pending


196
1
0
2
0





All Problems
All Types

3
199















View History For all hosts
View Notifications For All Hosts
View Host Status Detail For All Hosts




Commands for checked services
Select commandAdd a Comment to Checked Service(s)Disable Active Checks Of Checked Service(s)Enable Active Checks Of Checked Service(s)Re-schedule Next Service CheckSubmit Passive Check Result For Checked Service(s)Stop Accepting Passive Checks For Checked Service(s)Start Accepting Passive Checks For Checked Service(s)Stop Obsessing Over Checked Service(s)Start Obsessing Over Checked Service(s)Acknowledge Checked Service(s) ProblemRemove Problem Acknowledgement for Checked Service(s)Disable Notifications For Checked Service(s)Enable Notifications For Checked Service(s)Send Custom Notification For Checked Service(s)Delay Next Notification For Checked Service(s)Schedule Downtime For Checked Service(s)Disable Event Handler For Checked Service(s)Enable Event Handler For Checked Service(s)Disable Flap Detection For Checked Service(s)Enable Flap Detection For Checked Service(s)




Program received signal SIGSEGV, Segmentation fault.
0x00007ffff758f382 in ?? () from /lib/libc.so.6
(gdb) bt full

#0  0x00007ffff758f382 in ?? () from /lib/libc.so.6

No symbol table info available.

#1  0x0000000000413ca9 in html_encode (input=0x0, escape_newlines=1)

at cgiutils.c:1533
len =
x =
y =
temp_expansion = "\335\376C\000\000\000\000\000\341\376"

#2  0x0000000000403cf5 in add_status_data (status_type=1, 

host_status=, service_status=)
at status.c:5160
status_string = 0x438d88 "WARNING"
host_name = 0x6595d0 "fire03"
svc_description = 0x659400 "check_dns_differences"
plugin_output_short = 0x0
plugin_output_long =
plugin_output = 0x0
last_check = "06-26-2011 14:36:45\000\000\000\000\000l\346\377\377\377\177", '\000' <repeats 17 times>
state_duration = "4d 0h 42m 19s", '\000' <repeats 19 times>"\346, \377\377\377\177\000\000\000\000\000\000\000\000\000"
attempts = "4/4 \000\000\000\000\000\000\000\000\000\200\344\377\367\377\177\000\--Type <r---Typ------T------Type to continue, or q to quit--
\000\000\000\000\000\001\000\000\000\005\017@", '\000' <repeats 61 times>, " \342\377\377\377\177\000\000 \346\377\377\377\177\000\000M\342\377\377\377\177\000\000\000\204C\000\000\000\000\000\000\217C", '\000' <repeats 13 times>, "jHM\367\377\177\000\000\030\000\000\000\060\000\000\000 \336\377\377\377\177\000\000`\335\377\377\377\177", '\000' <repeats 11 times>"\204, C\000\000\000\000\000\327\005D\000\000\000\000\000\212\006D\000\000\000\000\000R\342\377\377\377\177\000\000\004\000\000\000\000\000\000\000\211\006D", '\000' <repeats 13 times>, "hcI\367\377\177\000\000\000\000\000\000\000\000\000\000 \342\377\377\377\177\000\000\000\000\000\000\000\000\000\000 \346\377\377\377\177\000\000 \342\377\377\377\177\000\000\365\"\337\367\377\177\000\000\000\000\000\000\000\000\000\000"...
ts_state_duration = 348139
ts_last_check = 1309091805
ts_last_state_change =
days = 4
hours = 0
minutes = 42
seconds = 19
status = 4
current_attempt = 4
is_flapping = 0
problem_has_been_acknowledged = 0
scheduled_downtime_depth = 0
notifications_enabled = 0
--Type to continue, or q to quit--
checks_enabled = 1

#3  0x000000000040599b in grab_statusdata () at status.c:5018

temp_hoststatus =
temp_servicestatus = 0x6594b0
temp_host = 0x6aaa30
temp_service = 0x6c6490
temp_hostgroup = 0x0
temp_servicegroup = 0x0
preg = {buffer = 0x0, allocated = 0, used = 140737488348628,
syntax = 0, fastmap = 0x0, translate = 0x0,
re_nsub = 140737488348628, can_be_null = 0, regs_allocated = 0,
fastmap_accurate = 0, no_sub = 0, not_bol = 0, not_eol = 0,
newline_anchor = 0}
preg_hostname = {buffer = 0x0, allocated = 0, used = 32,
syntax = 18446715314608537600, fastmap = 0x0,
translate = 0xa00000000

, re\_nsub = 2011, can\_be\_null = 0, regs\_allocated = 0, fastmap\_accurate = 0, no\_sub = 0, not\_bol = 0, not\_eol = 0, newline\_anchor = 0}

#4  0x000000000040c5b2 in show_service_detail () at status.c:1339

temp_buffer = "\250\037\377\367\377\177\000\000\a\000\000\000\000\000\000\000\277'\025\066\000\000\000\000\360\204\336\367\377\177\000\000\000\000\000\000\000\000\000\000?\000\000\000\000\000\000\000\236T\330\000\000\000\000\000\024--Type to continue, or q to quit--
\264H\367\377\177\000\000`\350\377\377\377\177\000\000 \347\377\377\377\177\000\000`\352\377\377\377\177\000\000\020\350\377\377\377\177\000\000\032\377C\000\000\000\000\000\200\350\377\377\377\177\000\000/", '\000' <repeats 15 times>, "`\352\377\377\377\177\000\000\362\363N\367\377\177\000\000\001\200\255\373\000\000\000\000`\352\377\377\377\177\000\000`\352\377\377\377\177\000\000`\352\377\377\377\177\000\000`\352\377\377\377\177\000\000}\352\377\377\377\177\000\000\217\352\377\377\377\177\000\000`\352\377\377\377\177\000\000\217\352\377\377\377\177", '\000' <repeats 50 times>, "0\000\377\367\377\177", '\000' <repeats 18 times>, "\001\000\000\000\000\000\000\000\000\267Q\367\377\177", '\000' <repeats 18 times>"\377, \377\377\377\000\000\000\000\t\000\000\000\000\000\000\000\377\377\377\377\000\000\000\000\312}\336\367\377\177\000\000`\350\377\377\377\177\000\000\200\350\377\377\377\177\000\000\000\000\000\000\000\000\000\000\200"...
temp_url = "\t\000\000\000\000\000\000\000\243[O\367\377\177\000\000\200\067_{\367\377\177\000\000\200\067}\367\377\177\000\000\200\067_{\367\377\177\000\000\000\200\377\367\377\177\000\000\001\000\000\000\000\000\000\000\200\067}\367\377\177\000\000k\244C\000\000\000\000\000\005\202O\367\377\177\000\000\066\000\000\000\000\000\000\000\200\067_{\367\377\177\000\000\000\000\000\000\000\000\000\000\r\000\000\000\000\000\000\000\r\000\000\000\000\000\000\000\327ZO\367\377\177\000\000\002\000\000\000\000\000\000\000\200\067}\367\377\177\000\000\340\351\377\377\377\177\000\000\t\000\000\000\000\000\000\000\360\351\377\377\377\177\000\000\203\200C\000\000\000\000\000\250\377\377\377\377\377\377\377l\235L\367\377\177\000\000\067\000\000\000\000\000\000\000\035\245C\000\000\000\000\000\035\245C\000\000\000\000\000W\220C\000\000\000\000\000W\220C", '\000' <repeats 13 time---Type to continue, or q to quit---
s>"\320, \350\377\377\377\177\000\000\000\000\000\000\321\006\000\000x\351\377\377\377\177\000\000X\351\377\377\377\177\000\000ȤC\000\000\000\000\000"...
processed_string = 0x0
status_class = 0x7ffff77e3780 "\204*\255", <incomplete sequence \373>
status_bg_class =
host_status_bg_class =
last_host =
new_host =
temp_hoststatus =
temp_host =
temp_service =
odd = -142723200
total_comments =
temp_sort = 0x7ffff7ff8000
use_sort = 32767
result =
first_entry =
total_entries = 32767
temp_status =
json_start = 0

#5  0x000000000040f9e4 in main () at status.c:619

result = 0
sound = 0x0
--Type to continue, or q to quit--
temp_host = 0x0
temp_hostgroup = 0x0
temp_servicegroup = 0x0
temp_servicestatus = 0x0
regex_i =
i =
len =

[icinga-migration]

Updated by mfriedrich on 2011-06-26 15:38:20 +00:00

• Target Version changed from 1.4.1 to 1.4.2

it seems that strlen segfaults because of the input being null?

[icinga-migration]

Updated by ricardo on 2011-06-27 13:11:13 +00:00

OK, I guess I found it

can you substitute this line

if (status_show_long_plugin_output!=FALSE && plugin_output_long!=NULL) {

with this:

 if (status_show_long_plugin_output!=FALSE && plugin_output_long!=NULL && plugin_output_short!=NULL) {

in status.c and then a

make && make install

and see if it works??

And if this works, can you tell me what the status data of "fire03/check_dns_differences" is ?

Thanks a lot.

Ricardo

[icinga-migration]

Updated by denny on 2011-06-27 13:48:53 +00:00

hi Ricardo,

ricardo wrote:

OK, I guess I found it

can you substitute this line
[...]
with this:
[...]
in status.c and then a
[...]
and see if it works??

And if this works, can you tell me what the status data of "fire03/check_dns_differences" is ?

it works :-) The Output from the plugin is a bit broken. The first line is empty and after that, the output comes.

Current Status:  WARNING   (for  0d  8h  9m 12s)
Status Information:Warning - Namen sind nur in einer Datenbank enthalten

So, you can close the bug :-)

Thanks.

[icinga-migration]

Updated by ricardo on 2011-06-28 01:28:16 +00:00

• Status changed from Feedback to Resolved
• Done % changed from 0 to 100

Applied in changeset 31a88a0.

[icinga-migration]

Updated by mfriedrich on 2014-12-08 09:42:16 +00:00

• Project changed from 19 to Core, Classic UI, IDOUtils
• Category changed from 52 to Classic UI
• Icinga Version set to 1
• OS Version set to any