
#2268 [5.5.1] Crash in netsnmp_ds_set_string()

linux
closed
nobody
library (262)
5
2015-01-26
2011-07-29
S.P.
No

A crash occurs in function netsnmp_ds_set_string() with the error "malloc_printerr () from /lib64/libc.so.6". The crash occurs quite consistently when running under load.

The crash is probably due to a free() performed on uninitialized array netsnmp_ds_strings within said function netsnmp_ds_set_string(). The code fragment in question is as follows (lines 294-297 of .../snmplib/default_store.c):

if (netsnmp_ds_strings[storeid][which] != NULL) {
    free(netsnmp_ds_strings[storeid][which]);
    netsnmp_ds_strings[storeid][which] = NULL;
}

Recommended solution:
---------------------------------------
Initialize array "netsnmp_ds_strings" in .../snmplib/default_store.c
"static char *netsnmp_ds_strings[NETSNMP_DS_MAX_IDS][NETSNMP_DS_MAX_SUBIDS];"

It's probably a good idea to also initialize array "netsnmp_ds_voids" defined in the same file.

-------------------------------------------------------------------------------------------------------------

Version: Net-SNMP 5.5.1

Operating system: Linux ***** 2.6.32-71.32.1.el6.x86_64 #1 SMP Mon Jun 13 12:53:38 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux

Backtrace:
-----------------
(gdb) bt
#0 0x00000035b34329a5 in raise () from /lib64/libc.so.6
#1 0x00000035b3434185 in abort () from /lib64/libc.so.6
#2 0x00000035b346fd5b in __libc_message () from /lib64/libc.so.6
#3 0x00000035b3475676 in malloc_printerr () from /lib64/libc.so.6
#4 0x00007f3a5070d329 in netsnmp_ds_set_string (storeid=<value optimized out>, which=14, value=0x7f3a347b2460 "169.254.176.15:0") at default_store.c:295
#5 0x00007f3a506e8966 in _sess_open (pss=0x7f3a46ee64d0) at snmp_api.c:1508
#6 snmp_sess_open (pss=0x7f3a46ee64d0) at snmp_api.c:1723
. . .
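Added example, not net-snmp's own code: a minimal model of the default store's string table. It shows that a file-scope static array starts out all NULL with no explicit initializer, and a setter in the style of the fragment quoted above that bounds-checks storeid/which before indexing and frees the previous value exactly once. DS_MAX_IDS, DS_MAX_SUBIDS and the function names are constructed stand-ins for the real NETSNMP_DS_MAX_IDS/NETSNMP_DS_MAX_SUBIDS and netsnmp_ds_* names.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdlib.h>
#include <string.h>

/* Constructed table sizes; the real NETSNMP_DS_MAX_IDS / NETSNMP_DS_MAX_SUBIDS
 * are defined in net-snmp's default_store.h and are assumptions here. */
#define DS_MAX_IDS     3
#define DS_MAX_SUBIDS  48

/* File-scope static with static storage duration: the C standard guarantees
 * every element starts as NULL even without an explicit initializer. */
static char *ds_strings[DS_MAX_IDS][DS_MAX_SUBIDS];

/* Reject out-of-range ids before indexing. An unchecked storeid/which would
 * read or write past the table and corrupt neighbouring memory. */
static int ds_index_ok(int storeid, int which)
{
    return storeid >= 0 && storeid < DS_MAX_IDS &&
           which >= 0 && which < DS_MAX_SUBIDS;
}

/* Returns 0 on success, -1 on a bad index or allocation failure.
 * Replaces the old string, freeing it exactly once; NULL clears the slot. */
int ds_set_string(int storeid, int which, const char *value)
{
    char *copy = NULL;
    if (!ds_index_ok(storeid, which))
        return -1;
    if (value != NULL) {
        copy = strdup(value);
        if (copy == NULL)
            return -1;          /* old value is left intact on failure */
    }
    free(ds_strings[storeid][which]);   /* free(NULL) is a defined no-op */
    ds_strings[storeid][which] = copy;
    return 0;
}

/* Returns the stored pointer, or NULL for an unset or out-of-range slot. */
const char *ds_get_string(int storeid, int which)
{
    if (!ds_index_ok(storeid, which))
        return NULL;
    return ds_strings[storeid][which];
}
```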

Discussion

  • Bart Van Assche

    Bart Van Assche - 2011-07-29

    The C standard says that variables at file scope, whether static or not, are initialized to zero, even if no initializer has been specified.

  • Bart Van Assche

    Bart Van Assche - 2011-07-30

    In case you are not familiar with Valgrind, it's a very helpful tool for finding the cause of memory corruption, which is probably what you are facing.

  • Peter Jia

    Peter Jia - 2015-01-13

    Hi all,
    We meet the same issue again.
    I would like to know whether the fix has been in the release.
    Thank you!
    Sincerely,
    Peter

  • Niels Baggesen

    Niels Baggesen - 2015-01-13

    What fix are you talking about? As Bart noted, these variables are implicitly initialized to zeroes (NULL) because they have file scope, so there is no missing initialization.

    • Peter Jia

      Peter Jia - 2015-01-14

      Hi Niels,
      I just mean the initialization of array "netsnmp_ds_strings". But I do see this issue happen again.
      The version is net-snmp-5.7.2.1.
      So perhaps there is some other issue we need to fix.
      Thank you!

      Peter


      Last edit: Peter Jia 2015-01-14
  • Peter Jia

    Peter Jia - 2015-01-23

    Please ignore this message.


    Last edit: Peter Jia 2015-01-23
  • Peter Jia

    Peter Jia - 2015-01-23

    Please ignore this message.


    Last edit: Peter Jia 2015-01-23
  • Niels Baggesen

    Niels Baggesen - 2015-01-26

    See bug 2511 for final solution.

