﻿id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
644	buffer overflow with long exclude list	victor gattegno	Bruno Cornec	"The exclude list is 2617 characters long, and a ''buffer overflow'' occurs at mondoarchive

'''Command in a shell-script'''

{{{
/usr/sbin/mondoarchive -O  -i -d /mnt/backup -N -E ""`cat $EXCL_TMP`"" -s 4480m -S $SCRATCH_DIR -T $SCRATCH_DIR -p `hostname`-`date +%Y-%m-%d`
}}}

'''backup log'''

{{{
---evalcall---1--- Calling MINDI to create boot+data disk
---evalcall---2--- TASK:  [*...................]   3% done;  2:09 to go
---evalcall---E---
*** buffer overflow detected ***: /usr/sbin/mondoarchive terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7fb70e90f877]
/lib64/libc.so.6(+0xe9510)[0x7fb70e90d510]
/lib64/libc.so.6(+0xe8809)[0x7fb70e90c809]
/lib64/libc.so.6(_IO_default_xsputn+0x85)[0x7fb70e897905]
/lib64/libc.so.6(_IO_vfprintf+0x34ba)[0x7fb70e86a3fa]
/lib64/libc.so.6(__vsprintf_chk+0x9d)[0x7fb70e90c8ad]
/lib64/libc.so.6(__sprintf_chk+0x80)[0x7fb70e90c7f0]
/usr/sbin/mondoarchive[0x420813]
/usr/sbin/mondoarchive[0x40cc2e]
/usr/sbin/mondoarchive[0x40dc56]
/usr/sbin/mondoarchive[0x403d77]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x7fb70e842bc6]
/usr/sbin/mondoarchive[0x403089]
}}}

'''mondoarchive.log'''

{{{

    [Main] libmondo-archive.c->call_mindi_to_supply_boot_disks#918: mindi   --custom /depot_local/mondo.tmp.UgBjbI /depot_local/mondo.scratch.22514/mondo.scratch.27861/images '/boot/vmlinuz-2.6.32.54-0.3.1.4252.1.PTF-default' '' '0' 351154 'no' 'no' '' 'yes' 953 131 '/dev/mapper/mp_eva11_chu404_vgdb3arch_disk02|...|/dev/mapper/mp_eva11_chu404_vgsb3_disk2' 'yes' 'no' 'no' 32768 0 'no'
SIGABRT signal received from OS
}}}

'''The problem could be the one hereafter'''

In libmondo-archive.c, Line 922

{{{
    res = run_program_and_log_output(command, FALSE);
}}}

In libmondo-fork.c, I think this is missing:

{{{
char *command = NULL;
}}}

in the function run_program_and_log_output

{{{
int run_program_and_log_output(char *program, int debug_level)
{
    /*@ buffer ****************************************************** */
    char callstr[MAX_STR_LEN * 2];
    char incoming[MAX_STR_LEN * 2];
    char tmp[MAX_STR_LEN * 2];
    char initial_label[MAX_STR_LEN * 2];

}}}

For information, ""''char *command = NULL;''"" is defined in the function ""run_program_and_log_to_screen"":


{{{
int run_program_and_log_to_screen(char *basic_call, char *what_i_am_doing)
{
   ..........
    /*@ buffers **************************************************** */
    char *tmp = NULL;
    char *command = NULL;
}}}

I emailed logs and other information directly to Bruno.
"	defect	closed	normal	3.3.0	mondo	3.0.2	normal	fixed	mondoarchive buffer overflow	
