[Nut-upsuser] megatec process die

Arjen de Korte nut+users at de-korte.org
Wed Jul 2 10:05:04 UTC 2008


>> Asking for UPS status [Q1]...
>> Q1 => OK [(214.5 214.5 220.1 030 49.9 2.22 41.5 00000000]
>> Calculated battery charge: 100.0%
>> Asking for UPS status [Q1]...
>> Q1 => OK [(214.5 214.5 220.1 030 49.9 2.22 41.5 0000000000000000]
>> Calculated battery charge: 100.0%
>> *** stack smashing detected ***: megatec terminated
>> ======= Backtrace: =========
>> /lib/libc.so.6(__fortify_fail+0x48)[0x9b6ce8]
>> /lib/libc.so.6(__fortify_fail+0x0)[0x9b6ca0]
>> megatec[0x804a71a]
>> megatec[0x804d250]
>> [0x871abe8]
> The best way to debug this would be to rebuild nut with "-O0 -g" and
> then run the driver under valgrind.

That would be nice, but not really needed. The debugging information
provided already shows where the problem lies. The flags in the Q1 command
are overflowing the buffer that is reserved for it. This driver expects
only 8 characters and not 16. Most likely, this is a bug in the UPS (since
the Megatec protocol only defines 8 characters here).

Arguably, the driver could be made more robust to deal with situations
like this, by telling sscanf() to only copy as many characters as will fit
in the buffer allocated for a certain parameter. Making assumptions about
the size of data elements that are returned occasionally leads to problems
like these.

Best regards, Arjen
-- 
Eindhoven - The Netherlands
Key fingerprint - 66 4E 03 2C 9D B5 CB 9B  7A FE 7E C1 EE 88 BC 57
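Added example (written for this page, not code from the thread or from the NUT megatec driver): a C parser for the Q1 reply that applies the width limit Arjen describes, so the 16-character flag field from the log above is truncated at the 8 characters the buffer holds and reported as a protocol violation instead of smashing the stack. The field layout and the two sample replies are taken from the quoted log; the function names and the 8-character buffer size are assumptions for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define Q1_FLAGS_LEN 8   /* status flag characters the Megatec protocol defines */

typedef struct {
    float ivolt, fvolt, ovolt, freq, bvolt, temp;
    int load;
    char flags[Q1_FLAGS_LEN + 1];   /* 8 flag characters plus the NUL */
} q1_reply_t;

/* Parse a Q1 reply into *out. Returns 1 when all eight fields were read.
   The width in "%8s" is the fix: a bare "%s" copies however many characters
   the UPS sends, while "%8s" stops after 8, so an over-long flag field can
   no longer run past the end of out->flags. */
int q1_parse(const char *reply, q1_reply_t *out)
{
    int n = sscanf(reply, "(%f %f %f %d %f %f %f %8s",
                   &out->ivolt, &out->fvolt, &out->ovolt, &out->load,
                   &out->freq, &out->bvolt, &out->temp, out->flags);
    return n == 8;
}

/* Count the '0'/'1' characters the UPS actually sent in the flag field, so
   the driver can log a protocol violation rather than silently trusting it. */
int q1_flags_sent(const char *reply)
{
    const char *p = strrchr(reply, ' ');
    return p ? (int)strspn(p + 1, "01") : 0;
}

/* 0 = well formed, 1 = not a Q1 reply, 2 = parsed but the UPS sent more than
   the 8 flag characters the protocol allows (the case in the log above). */
int q1_check(const char *reply)
{
    q1_reply_t r;
    if (!q1_parse(reply, &r))
        return 1;
    return q1_flags_sent(reply) > Q1_FLAGS_LEN ? 2 : 0;
}

int main(void)
{
    /* The two replies quoted in the message above, embedded as sample input. */
    const char *good = "(214.5 214.5 220.1 030 49.9 2.22 41.5 00000000";
    const char *bad  = "(214.5 214.5 220.1 030 49.9 2.22 41.5 0000000000000000";
    printf("good: %d  bad: %d\n", q1_check(good), q1_check(bad));
    return 0;
}
```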