mdadm crash due to buffer overflow when device name is more than 30 chars

Bug #1512554 reported by Sheng Yang
This bug affects 2 people
Affects Status Importance Assigned to Milestone
mdadm (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

$ cat /etc/issue
Ubuntu 14.04.2 LTS \n \l

$ sudo mdadm --version
mdadm - v3.2.5 - 18th May 2012

$ sudo mdadm --create /dev/md/dcb0db3a-81c6-11e5-84e5-08002780734e --level=mirror --raid-devices 2 /dev/sdc /dev/sdd
mdadm: Note: this array has metadata at the start and
    may not be suitable as a boot device. If you plan to
    store '/boot' on this device please ensure that
    your boot-loader understands md/v1.x metadata, or use
    --metadata=0.90
Continue creating array? yes
*** buffer overflow detected ***: ./mdadm terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7338f)[0x7fb5e493d38f]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7fb5e49d4c9c]
/lib/x86_64-linux-gnu/libc.so.6(+0x109b60)[0x7fb5e49d3b60]
./mdadm[0x42e045]
./mdadm[0x419873]
./mdadm[0x404fbb]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fb5e48ebec5]
./mdadm[0x40821a]
======= Memory map: ========
00400000-0046a000 r-xp 00000000 ca:01 412228 /home/ubuntu/t/sbin/mdadm
00669000-0066a000 r--p 00069000 ca:01 412228 /home/ubuntu/t/sbin/mdadm
0066a000-00671000 rw-p 0006a000 ca:01 412228 /home/ubuntu/t/sbin/mdadm
00671000-00684000 rw-p 00000000 00:00 0
00957000-00994000 rw-p 00000000 00:00 0 [heap]
7fb5e3e78000-7fb5e3e8e000 r-xp 00000000 ca:01 396056 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fb5e3e8e000-7fb5e408d000 ---p 00016000 ca:01 396056 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fb5e408d000-7fb5e408e000 rw-p 00015000 ca:01 396056 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fb5e408e000-7fb5e4099000 r-xp 00000000 ca:01 396076 /lib/x86_64-linux-gnu/libnss_files-2.19.so
7fb5e4099000-7fb5e4298000 ---p 0000b000 ca:01 396076 /lib/x86_64-linux-gnu/libnss_files-2.19.so
7fb5e4298000-7fb5e4299000 r--p 0000a000 ca:01 396076 /lib/x86_64-linux-gnu/libnss_files-2.19.so
7fb5e4299000-7fb5e429a000 rw-p 0000b000 ca:01 396076 /lib/x86_64-linux-gnu/libnss_files-2.19.so
7fb5e429a000-7fb5e42a5000 r-xp 00000000 ca:01 396078 /lib/x86_64-linux-gnu/libnss_nis-2.19.so
7fb5e42a5000-7fb5e44a4000 ---p 0000b000 ca:01 396078 /lib/x86_64-linux-gnu/libnss_nis-2.19.so
7fb5e44a4000-7fb5e44a5000 r--p 0000a000 ca:01 396078 /lib/x86_64-linux-gnu/libnss_nis-2.19.so
7fb5e44a5000-7fb5e44a6000 rw-p 0000b000 ca:01 396078 /lib/x86_64-linux-gnu/libnss_nis-2.19.so
7fb5e44a6000-7fb5e44bd000 r-xp 00000000 ca:01 396073 /lib/x86_64-linux-gnu/libnsl-2.19.so
7fb5e44bd000-7fb5e46bc000 ---p 00017000 ca:01 396073 /lib/x86_64-linux-gnu/libnsl-2.19.so
7fb5e46bc000-7fb5e46bd000 r--p 00016000 ca:01 396073 /lib/x86_64-linux-gnu/libnsl-2.19.so
7fb5e46bd000-7fb5e46be000 rw-p 00017000 ca:01 396073 /lib/x86_64-linux-gnu/libnsl-2.19.so
7fb5e46be000-7fb5e46c0000 rw-p 00000000 00:00 0
7fb5e46c0000-7fb5e46c9000 r-xp 00000000 ca:01 396074 /lib/x86_64-linux-gnu/libnss_compat-2.19.so
7fb5e46c9000-7fb5e48c8000 ---p 00009000 ca:01 396074 /lib/x86_64-linux-gnu/libnss_compat-2.19.so
7fb5e48c8000-7fb5e48c9000 r--p 00008000 ca:01 396074 /lib/x86_64-linux-gnu/libnss_compat-2.19.so
7fb5e48c9000-7fb5e48ca000 rw-p 00009000 ca:01 396074 /lib/x86_64-linux-gnu/libnss_compat-2.19.so
7fb5e48ca000-7fb5e4a85000 r-xp 00000000 ca:01 396042 /lib/x86_64-linux-gnu/libc-2.19.so
7fb5e4a85000-7fb5e4c84000 ---p 001bb000 ca:01 396042 /lib/x86_64-linux-gnu/libc-2.19.so
7fb5e4c84000-7fb5e4c88000 r--p 001ba000 ca:01 396042 /lib/x86_64-linux-gnu/libc-2.19.so
7fb5e4c88000-7fb5e4c8a000 rw-p 001be000 ca:01 396042 /lib/x86_64-linux-gnu/libc-2.19.so
7fb5e4c8a000-7fb5e4c8f000 rw-p 00000000 00:00 0
7fb5e4c8f000-7fb5e4cb2000 r-xp 00000000 ca:01 396032 /lib/x86_64-linux-gnu/ld-2.19.so
7fb5e4ea5000-7fb5e4ea8000 rw-p 00000000 00:00 0
7fb5e4eac000-7fb5e4eb1000 rw-p 00000000 00:00 0
7fb5e4eb1000-7fb5e4eb2000 r--p 00022000 ca:01 396032 /lib/x86_64-linux-gnu/ld-2.19.so
7fb5e4eb2000-7fb5e4eb3000 rw-p 00023000 ca:01 396032 /lib/x86_64-linux-gnu/ld-2.19.so
7fb5e4eb3000-7fb5e4eb4000 rw-p 00000000 00:00 0
7ffc5258b000-7ffc525ac000 rw-p 00000000 00:00 0 [stack]
7ffc525b0000-7ffc525b2000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

I tried a shorter device name, and if it is less than 30 characters, it works fine.

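The weird thing is that when I compile from source (http://archive.ubuntu.com/ubuntu/pool/main/m/mdadm/mdadm_3.2.5.orig.tar.bz2, with the patches from http://archive.ubuntu.com/ubuntu/pool/main/m/mdadm/mdadm_3.2.5-5ubuntu4.debian.tar.bz2 applied), it works well. (Note: the abort above is raised by glibc's fortify check — `__fortify_fail` appears in the backtrace — so a binary built without that checking may simply not detect the out-of-bounds write rather than be free of it; a clean run of the self-built binary does not by itself show the bug is absent.)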

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in mdadm (Ubuntu):
status: New → Confirmed
Avio (aviopene) wrote :

Confirmed. It still happens to me on Ubuntu 16.04 LTS amd64 with mdadm-3.3-2ubuntu7.2. I've also tried upgrading to mdadm_3.4-4_amd64 from Zesty (https://launchpad.net/ubuntu/zesty/amd64/mdadm/3.4-4), with the same results.

#> sudo mdadm --verbose --create /dev/md1 --level=mirror --raid-devices=2 --size=2790G --metadata=1.2 --name=startech-usb-enclosure-4bay-3Tb2 /dev/sdd /dev/sde
mdadm: automatically enabling write-intent bitmap on large array
*** buffer overflow detected ***: mdadm terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fda092407e5]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7fda092e211c]
/lib/x86_64-linux-gnu/libc.so.6(+0x117120)[0x7fda092e0120]
/lib/x86_64-linux-gnu/libc.so.6(+0x116472)[0x7fda092df472]
mdadm[0x433553]
mdadm[0x41c1d7]
mdadm[0x405951]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fda091e9830]
mdadm[0x4085e9]
======= Memory map: ========
00400000-00476000 r-xp 00000000 08:06 655416 /sbin/mdadm
00675000-00676000 r--p 00075000 08:06 655416 /sbin/mdadm
00676000-0067d000 rw-p 00076000 08:06 655416 /sbin/mdadm
0067d000-00691000 rw-p 00000000 00:00 0
01cd2000-01cf3000 rw-p 00000000 00:00 0 [heap]
7fda08fb3000-7fda08fc9000 r-xp 00000000 08:06 1574085 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fda08fc9000-7fda091c8000 ---p 00016000 08:06 1574085 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fda091c8000-7fda091c9000 rw-p 00015000 08:06 1574085 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fda091c9000-7fda09389000 r-xp 00000000 08:06 1577429 /lib/x86_64-linux-gnu/libc-2.23.so
7fda09389000-7fda09589000 ---p 001c0000 08:06 1577429 /lib/x86_64-linux-gnu/libc-2.23.so
7fda09589000-7fda0958d000 r--p 001c0000 08:06 1577429 /lib/x86_64-linux-gnu/libc-2.23.so
7fda0958d000-7fda0958f000 rw-p 001c4000 08:06 1577429 /lib/x86_64-linux-gnu/libc-2.23.so
7fda0958f000-7fda09593000 rw-p 00000000 00:00 0
7fda09593000-7fda095b9000 r-xp 00000000 08:06 1577305 /lib/x86_64-linux-gnu/ld-2.23.so
7fda09726000-7fda0975b000 r--s 00000000 08:06 1055715 /var/cache/nscd/group
7fda0975b000-7fda09790000 r--s 00000000 08:06 1055115 /var/cache/nscd/passwd
7fda09790000-7fda09793000 rw-p 00000000 00:00 0
7fda097b5000-7fda097b8000 rw-p 00000000 00:00 0
7fda097b8000-7fda097b9000 r--p 00025000 08:06 1577305 /lib/x86_64-linux-gnu/ld-2.23.so
7fda097b9000-7fda097ba000 rw-p 00026000 08:06 1577305 /lib/x86_64-linux-gnu/ld-2.23.so
7fda097ba000-7fda097bb000 rw-p 00000000 00:00 0
7ffd337fd000-7ffd3381e000 rw-p 00000000 00:00 0 [stack]
7ffd3391f000-7ffd33921000 r--p 00000000 00:00 0 [vvar]
7ffd33921000-7ffd33923000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted (core dumped)

#> sudo mdadm --verbose --create /dev/md1 --level=mirror --raid-device...

