[ZBX-7534] Not enough buffer size for reading DB, especially function parameter Created: 2013 Dec 13  Updated: 2019 Jun 10  Resolved: 2019 Jun 10

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Server (S)
Affects Version/s: 1.8.19, 2.0.10, 2.2.1
Fix Version/s: 2.2.4rc1, 2.3.1

Type: Incident report Priority: Major
Reporter: MATSUDA Daiki Assignee: Zabbix Development Team
Resolution: Fixed Votes: 0
Labels: utf8
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File zabbix-1.8.19_correct_buffer_size_for_utf8.patch     File zabbix-2.0.10_correct_buffer_size_for_utf8.patch    

 Description   

Zabbix server does not have enough buffer size for reading DB.
Because in spite of reading as UTF-8, it fixes the words length, e.g FUNCTION_PARAMETER_LEN is 255 and FUNCTION_PARAMETER_LEN_MAX is 256 for varchar(255).

Though almost are correct because UTF-8 characters are block in inputin time on WEB UI, especially 'parameter' of functions tables is accept for UTF-8. So, its buffer size must be (FUNCTION_PARAMETER_LEN * 4 + 1).

I attached the patches for 1.8.19 and 2.0.10. There is a same problem in 2.2.x. But I do not use yet.



 Comments   
Comment by Aleksandrs Saveljevs [ 2014 Mar 28 ]

We have investigated this issue during Bugsquash Day #3 and it seems that a proper fix is out of scope of bug squashing.

The problem with the proposed solution in the patches is that it increases memory usage and also increases buffer sizes even for fields where the current size is perfectly enough. For instance, HOST_HOST_LEN_MAX and GRAPH_ITEM_COLOR_LEN_MAX - those cannot have UTF-8 symbols in them.

A proper solution would probably be to use dynamic allocation, but this has to be decided on a case-by-case basis, which requires significant effort, because a lot of source code has to be read and considered.

During the bugsquash, we have only fixed the FUNCTION_FUNCTION_LEN_MAX and FUNCTION_PARAMETER_LEN_MAX cases by replacing them with dynamic allocation. This change is available in development branch svn://svn.zabbix.com/branches/dev/ZBX-7534.

The plan is to fix this issue gradually. So once the change above is merged, this issue will still be kept open.

Comment by Aleksandrs Saveljevs [ 2014 Apr 08 ]

The fix above is available in pre-2.2.4 r44204 and pre-2.3.0 (trunk) r44205.

Comment by Nikolajs Agafonovs (Inactive) [ 2014 Apr 16 ]

(2) remove all appearances of DSERVICE_VALUE_LEN_MAX.

nikolajs.agafonovs RESOLVED in r44538

(3) make "value" in DB_DSERVICE dynamical variable.

nikolajs.agafonovs RESOLVED in r44538

sasha CLOSED

Comment by Nikolajs Agafonovs (Inactive) [ 2014 Apr 29 ]

The fix above (DSERVICE_VALUE_LEN_MAX) is available in pre-2.3.0 (trunk) r44947.

Comment by Alexander Vladishev [ 2014 Apr 30 ]

HTTPTEST_HTTP_USER_LEN_MAX and HTTPTEST_HTTP_PASSWORD_LEN_MAX should be refactored too

nikolajs.agafonovs RESOLVED in r45054

sasha TESTED Please review my changes in r45059.

nikolajs.agafonovs changes reviewed. CLOSED

nikolajs.agafonovs The fix above is available in pre-2.3.0 (trunk) r45076

Comment by Alexander Vladishev [ 2019 Jun 10 ]

The constant FUNCTION_PARAMETER_LEN has been removed from the code. Now the memory is dynamically allocated for reading the parameters from DB.

Generated at Fri Mar 29 11:14:36 EET 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.