Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-10551

Possible crash when processing trigger expression with '{' without matching '}' reported by coverity

XMLWordPrintable

      Found by Coverity (CID 118926). See the code:

      		for (br = tr->expression, bl = strchr(tr->expression, '{'); NULL != bl; bl = strchr(bl, '{'))
		{
			...
			if (NULL == (br = strchr(bl, '}')))	/* suppose br == NULL here */
			{
				tr[i].new_error = zbx_strdup(tr[i].new_error, "Invalid trigger expression");
				tr[i].new_value = TRIGGER_VALUE_UNKNOWN;
				THIS_SHOULD_NEVER_HAPPEN;
				break;
			}
			...
		}

		if (NULL == tr->new_error)
		{
			zbx_strcpy_alloc(&out, &out_alloc, &out_offset, br);	/* dereferencing br == NULL */
			...
		}

      From one point of view frontend must prohibit such trigger expressions and THIS_SHOULD_NEVER_HAPPEN, but on the other hand we even try to set a meaningful error message for this situation. Just to crash on the next step. I think this should be fixed.

      Similar situation in extract_numbers() (CID 118924).

            Unassigned Unassigned
            glebs.ivanovskis Glebs Ivanovskis (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: