I run a script through apache cgi and on opening a file the code stops running and writes this to the logs:

[Wed Dec 13 17:24:25.056137 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: *** Error in `/var/www/cgi-bin/gallery.cgi': malloc(): memory corruption: 0x0000000001c8f0b0 ***: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.056711 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: ======= Backtrace: =========: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.056891 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: /lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fa0b92e77e5]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.056992 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: /lib/x86_64-linux-gnu/libc.so.6(+0x8213e)[0x7fa0b92f213e]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057095 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: /lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7fa0b92f4184]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057188 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: /lib/x86_64-linux-gnu/libc.so.6(+0x6dcdd)[0x7fa0b92ddcdd]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057240 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: /var/www/cgi-bin/gallery.cgi[0x400ed3]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057290 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: /var/www/cgi-bin/gallery.cgi[0x4016ad]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057338 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: /var/www/cgi-bin/gallery.cgi[0x401718]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057434 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fa0b9290830]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057515 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: /var/www/cgi-bin/gallery.cgi[0x400db9]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057557 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: ======= Memory map: ========: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057722 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 00400000-00405000 r-xp 00000000 08:02 4981521 /var/www/cgi-bin/gallery.cgi: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057789 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 00604000-00605000 r--p 00004000 08:02 4981521 /var/www/cgi-bin/gallery.cgi: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057850 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 00605000-00606000 rw-p 00005000 08:02 4981521 /var/www/cgi-bin/gallery.cgi: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057901 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 01c8e000-01cb0000 rw-p 00000000 00:00 0 [heap]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057937 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b4000000-7fa0b4021000 rw-p 00000000 00:00 0 : /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.057973 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b4021000-7fa0b8000000 ---p 00000000 00:00 0 : /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058036 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b905a000-7fa0b9070000 r-xp 00000000 08:02 1315327 /lib/x86_64-linux-gnu/libgcc_s.so.1: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058119 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b9070000-7fa0b926f000 ---p 00016000 08:02 1315327 /lib/x86_64-linux-gnu/libgcc_s.so.1: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058186 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b926f000-7fa0b9270000 rw-p 00015000 08:02 1315327 /lib/x86_64-linux-gnu/libgcc_s.so.1: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058251 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b9270000-7fa0b9430000 r-xp 00000000 08:02 1315291 /lib/x86_64-linux-gnu/libc-2.23.so: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058317 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b9430000-7fa0b9630000 ---p 001c0000 08:02 1315291 /lib/x86_64-linux-gnu/libc-2.23.: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058406 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: so: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058477 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b9630000-7fa0b9634000 r--p 001c0000 08:02 1315291 /lib/x86_64-linux-gnu/libc-2.23.so: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058548 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b9634000-7fa0b9636000 rw-p 001c4000 08:02 1315291 /lib/x86_64-linux-gnu/libc-2.23.so: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058607 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b9636000-7fa0b963a000 rw-p 00000000 00:00 0 : /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058671 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b963a000-7fa0b9660000 r-xp 00000000 08:02 1315265 /lib/x86_64-linux-gnu/ld-2.23.so: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058706 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b9835000-7fa0b9838000 rw-p 00000000 00:00 0 : /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058741 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b985c000-7fa0b985f000 rw-p 00000000 00:00 0 : /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058804 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b985f000-7fa0b9860000 r--p 00025000 08:02 1315265 /lib/x86_64-linux-gnu/ld-2.23.so: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058868 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b9860000-7fa0b9861000 rw-p 00026000 08:02 1315265 /lib/x86_64-linux-gnu/ld-2.23.so: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058904 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7fa0b9861000-7fa0b9862000 rw-p 00000000 00:00 0 : /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.058954 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7ffdd0f75000-7ffdd0f96000 rw-p 00000000 00:00 0 [stack]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.059005 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7ffdd0fb5000-7ffdd0fb7000 r--p 00000000 00:00 0 [vvar]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.059055 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: 7ffdd0fb7000-7ffdd0fb9000 r-xp 00000000 00:00 0 [vdso]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.059092 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: ffffffffff600000-ffffffffff601000 r-xp 00000000 00: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html [Wed Dec 13 17:24:25.059174 2017] [cgi:error] [pid 3316:tid 139914171565824] [client 127.0.0.1:45310] AH01215: :00 0 [vsyscall]: /var/www/cgi-bin/gallery.cgi, referer: http://eben.my/add_file.html

Here is the code:

 #include <ccgi.h> #include <stdio.h> #include <stdlib.h> #include <string.h> char* pathhome = "/home/rodion/New/"; void add_entry(char* file, char* id, char* entry) { FILE* f = fopen(file, "w+"); <-- Ρ‚ΡƒΡ‚ Π²Ρ‹Π»Π΅Ρ‚Π°Π΅Ρ‚ if(f!=NULL) { char* entry1 = calloc(strlen(entry)+strlen(id)+3, sizeof(char)); sprintf(entry1, "%s|%s\n", id, entry); fputs(entry1, f); free(entry1); fclose(f); } } int save_image(const char* file, char* id_user, char* id_img) { FILE* ftmp; FILE* fimg; if((ftmp = fopen(file, "rb"))!=NULL) { char* path = calloc(strlen(id_user)+strlen(id_img)+20, sizeof(char)); sprintf(path, "%simages/%s/%s", pathhome, id_user, id_img); if((fimg = fopen(path, "w+"))!=NULL) { char buf [512]; while ((fread(buf, 1, sizeof(buf), ftmp)) > 0) { fwrite(buf, 1, sizeof(buf), fimg); } return 0; } free(path); } return 1; } int add_image(char* id_user) { CGI_varlist *vl; CGI_value *value; char* id_img = "1000"; if ((vl = CGI_get_all("/tmp/cgi-upload-XXXXXX")) == 0) { return 0; } value = CGI_lookup_all(vl, "image"); //ΠΏΠΎΠ»ΡƒΡ‡Π΅Π½ΠΈΠ΅ изобраТСния if(value==NULL||value[0]==NULL&&value[1]==NULL) { return 1; } else { printf("ai %s\n\n", value[0]); save_image(value[0], id_user, id_img); } value = CGI_lookup_all(vl, "gallery"); // ΠΏΠΎΠ»ΡƒΡ‡Π΅Π½ΠΈΠ΅ id Π³Π°Π»Π΅Ρ€Π΅ΠΈ if(value==NULL||value[0]==NULL&&value[1]==NULL) return 2; char* path_gallery = calloc(strlen(id_user)+20, sizeof(char)); sprintf(path_gallery, "%sgalleries/%s/%s\0", pathhome, id_user, value[0]); value = CGI_lookup(vl, "description"); // ΠΏΠΎΠ»ΡƒΡ‡Π΅Π½ΠΈΠ΅ описания ΠΊ ΠΈΠ·ΠΎΠ±Ρ€Π°ΠΆΠ΅Π½ΠΈΡŽ if(value==NULL) { add_entry(path_gallery, id_img, ""); } else { add_entry(path_gallery, id_img, (char*)value); } CGI_free_varlist(vl); return 0; } int main() { printf("Content-type: text/plain\n\n"); add_image("123"); }

How to fix this problem?

  • For starters, why such a strange way of calculating the length of path_gallery ? I think if you count it correctly, then maybe this will reveal the problem. In any case, even with the naked eye it can be seen that strlen(id_user)+20 bytes is not enough. - PinkTux

1 answer 1

How to fix this problem?

First of all, it’s right to calculate how much memory you need to allocate for path_gallery For example:

 int size = vsnprintf( NULL, "%sgalleries/%s/%s", pathhome, id_user, value[0] ); if( size < 0 ) /* ... ошибка ... */ char *path_gallery = malloc( size ); if( !path_gallery ) /* ... ошибка ... */ vsnprintf( path_gallery, "%sgalleries/%s/%s", pathhome, id_user, value[0] );

PS Is this still for \0 at the end of the format line? Do not need it there:

 sprintf(path_gallery, "%sgalleries/%s/%s\0", pathhome, id_user, value[0]);