[ZBX-10284] Server could crash if all cached actions are removed
Created: 2016 Jan 20 Updated: 2017 May 30 Resolved: 2016 Jan 28 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Server (S) |
Affects Version/s: | 3.0.0beta1 |
Fix Version/s: | 3.0.0beta2 |
Type: | Incident report | Priority: | Minor |
Reporter: | Andris Zeila | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 0 |
Labels: | crash | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Coverity report:

    *** CID 134481: Null pointer dereferences (FORWARD_NULL)
    /src/libs/zbxdbcache/dbconfig.c: 3539 in DCsync_action_conditions()
    3533     zbx_vector_uint64_sort(&ids, ZBX_DEFAULT_UINT64_COMPARE_FUNC);
    3534
    3535     zbx_hashset_iter_reset(&config->action_conditions, &iter);
    3536
    3537     while (NULL != (condition = zbx_hashset_iter_next(&iter)))
    3538     {
    >>>     CID 134481: Null pointer dereferences (FORWARD_NULL)
    >>>     Passing "&ids" to "zbx_vector_uint64_bsearch", which dereferences null "ids.values".
    3539         if (FAIL != zbx_vector_uint64_bsearch(&ids, condition->conditionid, ZBX_DEFAULT_UINT64_COMPARE_FUNC))
    3540             continue;
    3541
    3542         zbx_strpool_release(condition->value);
    3543
    3544         zbx_hashset_iter_remove(&iter);
|
Comments |
Comment by Andris Zeila [ 2016 Jan 20 ] |
Fixed in development branch svn://svn.zabbix.com/branches/dev/ZBX-10284 |
Comment by Sandis Neilands (Inactive) [ 2016 Jan 20 ] |
The issue was introduced with the correction for |
Comment by Sandis Neilands (Inactive) [ 2016 Jan 21 ] |
The server will not crash at least with the current implementations of GNU and *BSD bsearch(3). They will not dereference the base pointer since the array size ids.values_num is 0. While the manual pages do not state it explicitly, it is implied that NULL base should not be passed to bsearch(3). Probably Coverity complains because it has a model for bsearch(3) where NULL base is not allowed (and who knows what happens on AIX, HP-UX, Solaris...). |
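The empty-vector case discussed in the comment above, as an added example that is not Zabbix code and not the fix committed for this issue (the page does not show that change). The names `u64_vector`, `u64_vector_bsearch` and `prune_cached` are hypothetical stand-ins; the wrapper returns before bsearch(3) is reached when the vector is empty, so the result no longer depends on how a given libc treats a NULL base.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define FAIL (-1)

/* Hypothetical stand-in for a vector of 64-bit ids; values is NULL while empty. */
typedef struct { uint64_t *values; int values_num; } u64_vector;

static int u64_compare(const void *a, const void *b)
{
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Index of id in the sorted vector, or FAIL. The empty case returns before
 * bsearch(3) is reached, so libc never receives a NULL base pointer. */
int u64_vector_bsearch(const u64_vector *v, uint64_t id)
{
    const uint64_t *hit;

    if (NULL == v->values || 0 >= v->values_num)
        return FAIL;
    hit = bsearch(&id, v->values, (size_t)v->values_num, sizeof(uint64_t), u64_compare);
    return NULL == hit ? FAIL : (int)(hit - v->values);
}

/* Same shape as the sync loop in the report: keep only cached ids that are
 * still in the sorted database id list. Returns the number kept. */
int prune_cached(uint64_t *cached, int cached_num, const u64_vector *db_ids)
{
    int i, kept = 0;

    for (i = 0; i < cached_num; i++)
        if (FAIL != u64_vector_bsearch(db_ids, cached[i]))
            cached[kept++] = cached[i];
    return kept;
}

int main(void)
{
    uint64_t cached[] = {3, 7, 9}, db[] = {7, 9, 12};   /* constructed sample ids */
    u64_vector some = {db, 3}, none = {NULL, 0};        /* none: every row deleted */

    printf("kept with rows left: %d\n", prune_cached(cached, 3, &some));
    printf("kept with no rows:   %d\n", prune_cached(cached, 2, &none));
    return 0;
}
```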
Comment by Sandis Neilands (Inactive) [ 2016 Jan 22 ] |
(1) ZBX_STR2UCHAR calls atoi(3) itself, no need to do it for it. Also silenced another warning in dbconfig.c. RESOLVED in r57928. wiper CLOSED |
Comment by Sandis Neilands (Inactive) [ 2016 Jan 22 ] |
Successfully tested. |
Comment by Andris Zeila [ 2016 Jan 26 ] |
Released in:
|