[ZBX-10284] Server could crash if all cached actions are removed Created: 2016 Jan 20  Updated: 2017 May 30  Resolved: 2016 Jan 28

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Server (S)
Affects Version/s: 3.0.0beta1
Fix Version/s: 3.0.0beta2

Type: Incident report Priority: Minor
Reporter: Andris Zeila Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: crash
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Coverity report:

*** CID 134481:  Null pointer dereferences  (FORWARD_NULL)
/src/libs/zbxdbcache/dbconfig.c: 3539 in DCsync_action_conditions()
3533            zbx_vector_uint64_sort(&ids, ZBX_DEFAULT_UINT64_COMPARE_FUNC);
3534
3535            zbx_hashset_iter_reset(&config->action_conditions, &iter);
3536
3537            while (NULL != (condition = zbx_hashset_iter_next(&iter)))
3538            {
>>>     CID 134481:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing "&ids" to "zbx_vector_uint64_bsearch", which dereferences null "ids.values".
3539                    if (FAIL != zbx_vector_uint64_bsearch(&ids, condition->conditionid, ZBX_DEFAULT_UINT64_COMPARE_FUNC))
3540                            continue;
3541
3542                    zbx_strpool_release(condition->value);
3543
3544                    zbx_hashset_iter_remove(&iter);


 Comments   
Comment by Andris Zeila [ 2016 Jan 20 ]

Fixed in development branch svn://svn.zabbix.com/branches/dev/ZBX-10284

Comment by Sandis Neilands (Inactive) [ 2016 Jan 20 ]

The issue was introduced with the correction for ZBXNEXT-3051.

Comment by Sandis Neilands (Inactive) [ 2016 Jan 21 ]

The server will not crash, at least with the current implementations of GNU and *BSD bsearch(3). They will not dereference the base pointer since the array size ids.values_num is 0. While the manual pages do not state it explicitly, it is implied that NULL base should not be passed to bsearch(3).

Probably Coverity complains because it has a model for bsearch(3) where NULL base is not allowed (and who knows what happens on AIX, HP-UX, Solaris...).

Comment by Sandis Neilands (Inactive) [ 2016 Jan 22 ]

(1) ZBX_STR2UCHAR calls atoi(3) itself, no need to do it for it. Also silenced another warning in dbconfig.c. RESOLVED in r57928.

wiper CLOSED

Comment by Sandis Neilands (Inactive) [ 2016 Jan 22 ]

Successfully tested.

Comment by Andris Zeila [ 2016 Jan 26 ]

Released in:

  • pre-3.0.0beta2 r57972