[ZBX-15122] Invalid read of size 1 when using web scenarios Created: 2018 Nov 02  Updated: 2024 Apr 10  Resolved: 2018 Nov 05

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Proxy (P), Server (S)
Affects Version/s: 3.4.14, 4.0.1, 4.2.0alpha1
Fix Version/s: 3.4.15rc1, 4.0.2rc1, 4.2.0alpha1, 4.2 (plan)

Type: Problem report Priority: Major
Reporter: Vladislavs Sokurenko Assignee: Vladislavs Sokurenko
Resolution: Fixed Votes: 0
Labels: crash
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Causes
caused by ZBXNEXT-2074 web monitoring variables are not URL-... Closed
Team: Team A
Sprint: Sprint 46, Nov 2018
Story Points: 1

 Description   

Create real life web scenario from example at https://www.zabbix.com/documentation/4.0/manual/web_monitoring/example

See that valgrind complains about invalid read of size 1

==9097== Invalid read of size 1
==9097== at 0x483BC26: strlen (vg_replace_strmem.c:460)
==9097== by 0x575AFEC: ??? (in /usr/lib64/libcurl.so.4.5.0)
==9097== by 0x5763FF7: ??? (in /usr/lib64/libcurl.so.4.5.0)
==9097== by 0x57656A0: curl_multi_perform (in /usr/lib64/libcurl.so.4.5.0)
==9097== by 0x575C0BA: curl_easy_perform (in /usr/lib64/libcurl.so.4.5.0)
==9097== by 0x4B3528: process_httptest (httptest.c:825)
==9097== by 0x4B4F08: process_httptests (httptest.c:1117)
==9097== by 0x4ADF58: httppoller_thread (httppoller.c:127)
==9097== by 0x661931: zbx_thread_start (threads.c:133)
==9097== by 0x41E64A: MAIN_ZABBIX_ENTRY (server.c:1133)
==9097== by 0x63107F: daemon_start (daemon.c:392)
==9097== by 0x41D5C1: main (server.c:858)
==9097== Address 0x6e37320 is 0 bytes inside a block of size 80 free'd
==9097== at 0x4839A0C: free (vg_replace_malloc.c:530)
==9097== by 0x4B3DD1: process_httptest (httptest.c:933)
==9097== by 0x4B4F08: process_httptests (httptest.c:1117)
==9097== by 0x4ADF58: httppoller_thread (httppoller.c:127)
==9097== by 0x661931: zbx_thread_start (threads.c:133)
==9097== by 0x41E64A: MAIN_ZABBIX_ENTRY (server.c:1133)
==9097== by 0x63107F: daemon_start (daemon.c:392)
==9097== by 0x41D5C1: main (server.c:858)
==9097== Block was alloc'd at
==9097== at 0x483AD19: realloc (vg_replace_malloc.c:826)
==9097== by 0x66E418: zbx_realloc2 (misc.c:523)
==9097== by 0x67CDF2: zbx_strncpy_alloc (str.c:313)
==9097== by 0x67D54D: zbx_strcpy_alloc (str.c:347)
==9097== by 0x4AF55A: httpstep_pairs_join (httptest.c:239)
==9097== by 0x4B16E9: httpstep_load_pairs (httptest.c:492)
==9097== by 0x4B299B: process_httptest (httptest.c:715)
==9097== by 0x4B4F08: process_httptests (httptest.c:1117)
==9097== by 0x4ADF58: httppoller_thread (httppoller.c:127)
==9097== by 0x661931: zbx_thread_start (threads.c:133)
==9097== by 0x41E64A: MAIN_ZABBIX_ENTRY (server.c:1133)
==9097== by 0x63107F: daemon_start (daemon.c:392)
==9097==
==9097== Invalid read of size 1
==9097== at 0x483BC34: strlen (vg_replace_strmem.c:460)
==9097== by 0x575AFEC: ??? (in /usr/lib64/libcurl.so.4.5.0)
==9097== by 0x5763FF7: ??? (in /usr/lib64/libcurl.so.4.5.0)
==9097== by 0x57656A0: curl_multi_perform (in /usr/lib64/libcurl.so.4.5.0)
==9097== by 0x575C0BA: curl_easy_perform (in /usr/lib64/libcurl.so.4.5.0)
==9097== by 0x4B3528: process_httptest (httptest.c:825)
==9097== by 0x4B4F08: process_httptests (httptest.c:1117)
==9097== by 0x4ADF58: httppoller_thread (httppoller.c:127)
==9097== by 0x661931: zbx_thread_start (threads.c:133)
==9097== by 0x41E64A: MAIN_ZABBIX_ENTRY (server.c:1133)
==9097== by 0x63107F: daemon_start (daemon.c:392)
==9097== by 0x41D5C1: main (server.c:858)
==9097== Address 0x6e37321 is 1 bytes inside a block of size 80 free'd
==9097== at 0x4839A0C: free (vg_replace_malloc.c:530)
==9097== by 0x4B3DD1: process_httptest (httptest.c:933)
==9097== by 0x4B4F08: process_httptests (httptest.c:1117)
==9097== by 0x4ADF58: httppoller_thread (httppoller.c:127)
==9097== by 0x661931: zbx_thread_start (threads.c:133)
==9097== by 0x41E64A: MAIN_ZABBIX_ENTRY (server.c:1133)
==9097== by 0x63107F: daemon_start (daemon.c:392)
==9097== by 0x41D5C1: main (server.c:858)
==9097== Block was alloc'd at
==9097== at 0x483AD19: realloc (vg_replace_malloc.c:826)
==9097== by 0x66E418: zbx_realloc2 (misc.c:523)
==9097== by 0x67CDF2: zbx_strncpy_alloc (str.c:313)
==9097== by 0x67D54D: zbx_strcpy_alloc (str.c:347)
==9097== by 0x4AF55A: httpstep_pairs_join (httptest.c:239)
==9097== by 0x4B16E9: httpstep_load_pairs (httptest.c:492)
==9097== by 0x4B299B: process_httptest (httptest.c:715)
==9097== by 0x4B4F08: process_httptests (httptest.c:1117)
==9097== by 0x4ADF58: httppoller_thread (httppoller.c:127)
==9097== by 0x661931: zbx_thread_start (threads.c:133)
==9097== by 0x41E64A: MAIN_ZABBIX_ENTRY (server.c:1133)
==9097== by 0x63107F: daemon_start (daemon.c:392)

curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.1.1 zlib/1.2.11
Release-Date: 2018-09-05
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy Metalink



 Comments   
Comment by richlv [ 2018 Nov 02 ]

Status is "RESOLVED", looks like some comment might be missing?

wiper: Not tested yet.

<richlv> Thanks, what about the usual comment about the svn branch where something is resolved?

Comment by Vladislavs Sokurenko [ 2018 Nov 05 ]

Fixed in:

  • 3.4.15rc1 r86435
  • 4.0.2rc1 r86436
  • 4.2.0alpha1 (trunk) r86437
Generated at Fri Apr 26 16:27:31 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.