BUGFIX: 1.4.6 get_value_aggregate SEGFAULT

  • lamont
    Member
    • Nov 2007
    • 89

    #1

    There's an input validation bug in get_value_aggregate() which can cause this segfault:

    (gdb) run
    Starting program: /tmp/zabbix-1.4.6/src/zabbix_server/zabbix_server
    [New process 29384]
    [New process 29385]
    [New process 29441]

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to process 29441]
    get_value_aggregate (item=<value optimized out>, result=0x7fff5e31bfc0) at checks_aggregate.c:281
    281 if(*p != ',') ret = NOTSUPPORTED;
    (gdb) print p
    $1 = 0x0
    (gdb) bt
    #0 get_value_aggregate (item=<value optimized out>, result=0x7fff5e31bfc0) at checks_aggregate.c:281
    #1 0x000000000040e848 in get_value (item=0x7fff5e31bff0, result=0x7fff5e31bfc0) at poller.c:83
    #2 0x000000000040e9f8 in get_values () at poller.c:331
    #3 0x000000000040f0a5 in main_poller_loop (type=0, num=<value optimized out>) at poller.c:498
    #4 0x000000000040b5e9 in MAIN_ZABBIX_ENTRY () at server.c:504
    #5 0x000000000041a4e1 in daemon_start (allow_root=<value optimized out>) at daemon.c:169
    #6 0x0000003b57c1d8b4 in __libc_start_main () from /lib64/libc.so.6
    #7 0x00000000004033d9 in _start ()
    (gdb)

    I think this is due to users putting in malformed aggregate items -- the code seems to be trying to be too clever with setting the value of ret and falling through all of the code to only return at the end of the subroutine, and I just changed it to short-circuit the return.
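
Added example, not part of the original post and not Zabbix source code: a minimal C parser showing the short-circuit pattern the post describes, where every delimiter search is NULL-checked and the function returns at the first malformed field instead of setting a status and falling through to a later dereference. The key format `func('a','b','c','d')`, the function names and the constant values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SUCCEED       0
#define NOTSUPPORTED  1   /* constructed values; names borrowed from the trace */
#define FIELD_MAX     64

/* Copy one 'quoted' field starting at *pp into out and advance *pp past the
 * closing quote. Every search result is NULL-checked before it is used. */
static int take_quoted(const char **pp, char *out, size_t outsz)
{
    const char *p = *pp, *end;

    if (p == NULL || *p != '\'')
        return NOTSUPPORTED;
    end = strchr(++p, '\'');
    if (end == NULL || (size_t)(end - p) >= outsz)
        return NOTSUPPORTED;            /* unterminated or oversized field */
    memcpy(out, p, (size_t)(end - p));
    out[end - p] = '\0';
    *pp = end + 1;                      /* still inside the string (may be NUL) */
    return SUCCEED;
}

/* Parse func('a','b','c','d') (hypothetical format); return at the first
 * malformed delimiter rather than continuing with a bad pointer. */
int parse_aggregate_key(const char *key, char fields[4][FIELD_MAX])
{
    const char *p;
    int i;

    if (key == NULL || (p = strchr(key, '(')) == NULL)
        return NOTSUPPORTED;
    p++;
    for (i = 0; i < 4; i++) {
        if (take_quoted(&p, fields[i], FIELD_MAX) != SUCCEED)
            return NOTSUPPORTED;
        if (*p != (i < 3 ? ',' : ')'))  /* safe: p was validated above */
            return NOTSUPPORTED;
        p++;
    }
    return *p == '\0' ? SUCCEED : NOTSUPPORTED;
}

int main(void)
{
    char f[4][FIELD_MAX];               /* constructed sample keys below */
    printf("%d\n", parse_aggregate_key("grpsum('Linux servers','system.cpu.load','last','0')", f));
    printf("%d\n", parse_aggregate_key("grpsum('Linux servers'", f));
    return 0;
}
```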