[ZBX-7534] Not enough buffer size for reading DB, especially function parameter Created: 2013 Dec 13 Updated: 2019 Jun 10 Resolved: 2019 Jun 10 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Server (S) |
Affects Version/s: | 1.8.19, 2.0.10, 2.2.1 |
Fix Version/s: | 2.2.4rc1, 2.3.1 |
Type: | Incident report | Priority: | Major |
Reporter: | MATSUDA Daiki | Assignee: | Zabbix Development Team |
Resolution: | Fixed | Votes: | 0 |
Labels: | utf8 | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | zabbix-1.8.19_correct_buffer_size_for_utf8.patch zabbix-2.0.10_correct_buffer_size_for_utf8.patch |
Description |
Zabbix server does not have enough buffer size for reading DB. Though almost are correct because UTF-8 characters are block in inputin time on WEB UI, especially 'parameter' of functions tables is accept for UTF-8. So, its buffer size must be (FUNCTION_PARAMETER_LEN * 4 + 1). I attached the patches for 1.8.19 and 2.0.10. There is a same problem in 2.2.x. But I do not use yet. |
Comments |
Comment by Aleksandrs Saveljevs [ 2014 Mar 28 ] |
We have investigated this issue during Bugsquash Day #3 and it seems that a proper fix is out of scope of bug squashing. The problem with the proposed solution in the patches is that it increases memory usage and also increases buffer sizes even for fields where the current size is perfectly enough. For instance, HOST_HOST_LEN_MAX and GRAPH_ITEM_COLOR_LEN_MAX - those cannot have UTF-8 symbols in them. A proper solution would probably be to use dynamic allocation, but this has to be decided on a case-by-case basis, which requires significant effort, because a lot of source code has to be read and considered. During the bugsquash, we have only fixed the FUNCTION_FUNCTION_LEN_MAX and FUNCTION_PARAMETER_LEN_MAX cases by replacing them with dynamic allocation. This change is available in development branch svn://svn.zabbix.com/branches/dev/ZBX-7534. The plan is to fix this issue gradually. So once the change above is merged, this issue will still be kept open. |
Comment by Aleksandrs Saveljevs [ 2014 Apr 08 ] |
The fix above is available in pre-2.2.4 r44204 and pre-2.3.0 (trunk) r44205. |
Comment by Nikolajs Agafonovs (Inactive) [ 2014 Apr 16 ] |
(2) remove all appearances of DSERVICE_VALUE_LEN_MAX. nikolajs.agafonovs RESOLVED in r44538 (3) make "value" in DB_DSERVICE dynamical variable. nikolajs.agafonovs RESOLVED in r44538 sasha CLOSED |
Comment by Nikolajs Agafonovs (Inactive) [ 2014 Apr 29 ] |
The fix above (DSERVICE_VALUE_LEN_MAX) is available in pre-2.3.0 (trunk) r44947. |
Comment by Alexander Vladishev [ 2014 Apr 30 ] |
HTTPTEST_HTTP_USER_LEN_MAX and HTTPTEST_HTTP_PASSWORD_LEN_MAX should be refactored too nikolajs.agafonovs RESOLVED in r45054 sasha TESTED Please review my changes in r45059. nikolajs.agafonovs changes reviewed. CLOSED nikolajs.agafonovs The fix above is available in pre-2.3.0 (trunk) r45076 |
Comment by Alexander Vladishev [ 2019 Jun 10 ] |
The constant FUNCTION_PARAMETER_LEN has been removed from the code. Now the memory is dynamically allocated for reading the parameters from DB. |