[Bug 231212] New: rrdtool 1.2.15 has a grave bug when graphing logarithmic data
https://bugzilla.novell.com/show_bug.cgi?id=231212 Summary: rrdtool 1.2.15 has a grave bug when graphing logarithmic data Product: openSUSE 10.2 Version: Final Platform: x86-64 OS/Version: UNIX Other Status: NEW Severity: Enhancement Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: jo@feuersee.de QAContact: qa@suse.de The rrdtool version 1.2.15 (shipped with openSUSE 10.2) has a grave bug which results to massive memory allocation when trying to graph data on a logarithmic scale and the data processed is <= 0 rrdgraph will allocate an enormous amount of small memory chunks. When the process isn't killed immediately, chances are very high that the machine runs out of physical memory. If the rrdgraph process belongs to root, the machine will stall. There is a patch available (see http://oss.oetiker.ch/rrdtool-trac/changeset/887), however no stable release which includes this patch is available. Since many monitoring sw (like cacti, munin, MRTG, ...) use rrdtool this bug may cause serious problems. Depending on the configuration, this may even escalate to a possible remote attack (forcing values <= 0 for any logarithmic rrdgraph) resulting in a stalled machine. The rrdtool 1.2.12 (shipped with openSUSE 10.1) are not affected, I don't know about the versions in between. Solution would be either to downgrade rrdtool or apply the patch until a new stable version of rrdtool is released. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 chrubis@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team- |anicka@novell.com |screening@forge.provo.novell| |.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 ------- Comment #2 from anicka@novell.com 2007-01-02 07:13 MST ------- Can you please send me some testcase? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 ------- Comment #4 from jo@feuersee.de 2007-01-02 13:38 MST ------- Here is the link to the corresponding thread in the rrdtool bug/ticket system: http://oss.oetiker.ch/rrdtool-trac/ticket/54 As stated before, the bug seems recognized and fixed, but unreleased. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 anicka@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Comment #5 from anicka@novell.com 2007-01-03 06:41 MST ------- This issue is not that simple as it looked before. I made patch based on changesets r881 and r887 but when I make rrdtool run on the testcase from the linked thread, it still dies out of memory. And it happens also on 10.1. Maybe there are more bugs than this one and the testcase shows more than one, I do not know yet. I will try to find out why it happens. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 ------- Comment #6 from anicka@novell.com 2007-01-03 06:50 MST ------- Created an attachment (id=111366) --> (https://bugzilla.novell.com/attachment.cgi?id=111366&action=view) rrdtool crash testcase This is the testcase from the upstream mailing list. Running testcase.sh ends up out of memory on my 10.1 and 10.2 boxes. I would appreciate any help with testing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 ------- Comment #7 from jo@feuersee.de 2007-01-03 07:40 MST ------- Mis-behavior confirmed for SuSE 10.1 (both i386 and X86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 anicka@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |jo@feuersee.de ------- Comment #8 from anicka@novell.com 2007-01-03 14:41 MST ------- So that's it: this testcase strikes a completely different bug which seems to lie outside of rrdtool, probably in freetype. I will try to track it down, but now back to the original bug: I still does not have a testcase illustrating a crash with logarithmic data. The attached testcase does not crash when a call to freetype is commented out. I would like to test whether the combination of r881 and r887 changesets fixes the problem you originally reported - if yes, we will use it. I could try to make up my own testcase but it would save me some time if you could provide your data which make rrdtool crash. Is it possible? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 ------- Comment #9 from jo@feuersee.de 2007-01-09 04:28 MST ------- Created an attachment (id=111977) --> (https://bugzilla.novell.com/attachment.cgi?id=111977&action=view) Added lm_sensors rrds created by munin (including XML dump for restoring on other arch) Sry, I'm pretty busy this week. I tried to reproduce the crash, but it seems I can't become a rrdtool wizard over the weekend. The attached rrd were created by munin (sensors_volt plugin). The bug occurs when any sensor reading is updated with a 0 value during munin-update und followed by creating the graph during munin-graph. HTH -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 ------- Comment #10 from anicka@novell.com 2007-01-09 07:45 MST ------- I tried to create some simple graphs and I also tried the other testcase from the linked thread but I was not able to reproduce the crash. I did not try to reproduce the crash using munin because I would help to spend a loads of time learning how to set it up - it would help to know how your munin installation calls rrdtool. But OK, let us do it the other way. Does attached rrdtool RPM with r881 and r887 patches help you and stop crashing? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 ------- Comment #11 from anicka@novell.com 2007-01-09 07:48 MST ------- Created an attachment (id=112008) --> (https://bugzilla.novell.com/attachment.cgi?id=112008&action=view) rrdtool - i586 rpm for 10.2 with fixes from upstream -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 ------- Comment #12 from jo@feuersee.de 2007-01-26 16:07 MST ------- Sry, can't test the i386 rpm because all machines avail are X86_64. And I wasn't able to supply a testcase, seems I can't dig rrdtools in a few minutes. I am quiet busy right now and I don't think I can provide valuable input within the next 14days. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 anicka@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|anicka@novell.com |security-team@suse.de Status|NEEDINFO |NEW Info Provider|jo@feuersee.de | ------- Comment #13 from anicka@novell.com 2007-01-29 06:45 MST ------- Fix for 10.2 extracted from 1.2.18 and submitted, stable upgraded to 10.2.18. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 ------- Comment #14 from thomas@novell.com 2007-01-30 03:40 MST ------- MaintenanceTracker-8174 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 thomas@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |patchinfos submitted -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 thomas@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |jo@feuersee.de ------- Comment #15 from thomas@novell.com 2007-01-31 00:26 MST ------- packages approved -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=231212 thomas@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Info Provider|jo@feuersee.de | Resolution| |FIXED ------- Comment #16 from thomas@novell.com 2007-01-31 01:19 MST ------- done -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com