[Mauiusers] Big bug in latest maui (and all previous ones too probably)

Åke Sandgren ake.sandgren at hpc2n.umu.se
Thu Sep 15 01:10:15 MDT 2005


We just got hit by a bad buffer overflow bug in the UI part of the code.
One user submitted 2300 jobs and when doing showq the server crashes.

The problem is a buffer overwrite causing stack thrashing emanating
from UIProcessCommand. The local SBuffer there gets too much data
overwriting the in-parameter msocket_t *S.

This happens in the call to
scode = (*Function[sindex])(args,S->SBuffer + HeadSize,FLAGS,Auth,...
in this case UIDiagnose which in turn calls UIQueueDiagnose which calls
MQueueDiagnose without giving it the size of the Buffer and it will
happily run over the end.

I have a quick and dirty patch in place that keeps the server running
but currently makes showq fail with
ERROR:    cannot parse server response (status)

I'll continue to work on this since we are currently in a situation
where maui crashes almost immediately without this...

PLEASE get rid of all the possible buffer overruns. There are PLENTY of
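
The pattern reported in the message above is a callee that fills a caller's buffer without being told its size. The sketch below shows the bounded form, where the size is passed down and truncation is reported to the caller. It is an added example, not part of the original post and not Maui's code; `job_t`, `queue_diagnose_bounded` and `demo_jobs_written` are hypothetical names and the job data is constructed.

```c
#include <stdio.h>

/* Hypothetical job record; not Maui's real structure. */
typedef struct { int id; const char *state; } job_t;

/*
 * Append one line per job to buf, never writing past buf[size-1].
 * Returns the number of jobs fully written; *truncated is set to 1 when
 * the output did not fit, so the caller can report an error instead of
 * sending a half-formed response.
 */
int queue_diagnose_bounded(const job_t *jobs, int njobs,
                           char *buf, size_t size, int *truncated)
{
    size_t used = 0;
    int i;

    *truncated = 0;
    if (buf == NULL || size == 0) {
        *truncated = 1;
        return 0;
    }
    buf[0] = '\0';

    for (i = 0; i < njobs; i++) {
        /* snprintf returns the length it wanted to write, excluding NUL. */
        int n = snprintf(buf + used, size - used, "job %d %s\n",
                         jobs[i].id, jobs[i].state);
        if (n < 0 || (size_t)n >= size - used) {
            buf[used] = '\0';   /* drop the partial line */
            *truncated = 1;
            break;
        }
        used += (size_t)n;
    }
    return i;
}

/* Constructed sample: up to 2300 jobs (the count in the report). */
int demo_jobs_written(int njobs, size_t size, int *truncated)
{
    static job_t jobs[2300];
    static char buf[65536];
    int i;
    if (njobs > 2300) njobs = 2300;
    if (size > sizeof buf) size = sizeof buf;
    for (i = 0; i < njobs; i++) { jobs[i].id = i; jobs[i].state = "Idle"; }
    return queue_diagnose_bounded(jobs, njobs, buf, size, truncated);
}
```

With a 64-byte buffer only the first five constructed jobs fit and the truncation flag is set; the memory after the buffer is never touched.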

