Comment 6 for bug 946758

Robie Basak (racb) wrote :

From the stack trace the culprit is:

                        char cnt[40];
                        sprintf(cnt, " mismatches found: %d (on raid level %d)",
                                sra->mismatch_cnt, array.level);
                        alert("RebuildFinished", dev, cnt, ainfo);

If mismatch_cnt > 99, then the buffer will overflow. In the crash report, it looks like the submitter had 1536 in mismatch_cnt.

It looks like this has already been fixed in Quantal, which now has:

                        char cnt[80];
                        snprintf(cnt, sizeof(cnt),
                                 " mismatches found: %d (on raid level %d)",
                                 sra->mismatch_cnt, array.level);
                        alert("RebuildFinished", dev, cnt, ainfo);

Lucid, Natty and Oneiric use a shorter format string, so I don't think this bug exists there. So Precise is the only version affected.

Marking this as Fix Released as it is fixed in Quantal, and nominating Precise.
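The arithmetic behind the ">99" threshold, worked through as an added example (this is not code from the bug comment or from mdadm): the fixed part of the format string is 36 characters, so with a single-digit RAID level a two-digit mismatch count plus the terminating NUL fills the 40-byte buffer exactly, and a third digit writes past it. The helper below counts the bytes sprintf would emit using snprintf(NULL, 0, ...), checks that count against a buffer size, and shows the bounded snprintf form from Quantal together with the truncation test a caller should make. The single-digit RAID level and the sample counts are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Format string exactly as quoted in the bug report. */
#define MISMATCH_FMT " mismatches found: %d (on raid level %d)"

/* Bytes the unbounded sprintf would write into the buffer, including the
 * terminating NUL. snprintf with a NULL buffer and size 0 only counts. */
size_t mismatch_msg_size(int mismatch_cnt, int level)
{
    int n = snprintf(NULL, 0, MISMATCH_FMT, mismatch_cnt, level);
    return (size_t)n + 1;
}

/* 1 if sprintf of these values into a bufsize-byte buffer overflows it. */
int would_overflow(size_t bufsize, int mismatch_cnt, int level)
{
    return mismatch_msg_size(mismatch_cnt, level) > bufsize;
}

/* Bounded formatter in the style of the Quantal fix. Returns 1 if the
 * message was truncated (snprintf reports the length it wanted to write),
 * 0 if the whole message fits; the buffer is always NUL-terminated. */
int format_mismatch_msg(char *buf, size_t bufsize, int mismatch_cnt, int level)
{
    int n = snprintf(buf, bufsize, MISMATCH_FMT, mismatch_cnt, level);
    return n < 0 || (size_t)n >= bufsize;
}

/* Formats with the 80-byte buffer from the Quantal version and returns 1
 * only if the message survived untruncated and reads back as expected. */
int quantal_buffer_fits(int mismatch_cnt, int level)
{
    char cnt[80];
    char expect[80];
    if (format_mismatch_msg(cnt, sizeof(cnt), mismatch_cnt, level))
        return 0;
    snprintf(expect, sizeof(expect), MISMATCH_FMT, mismatch_cnt, level);
    return strcmp(cnt, expect) == 0;
}

int main(void)
{
    /* Constructed sample counts: the boundary and the value from the report. */
    int samples[] = {99, 100, 1536};
    size_t i;
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("mismatch_cnt=%d needs %zu bytes, char cnt[40] %s\n",
               samples[i], mismatch_msg_size(samples[i], 1),
               would_overflow(40, samples[i], 1) ? "overflows" : "is enough");
    }
    return 0;
}
```

The important part for review is the `(size_t)n >= bufsize` test: snprintf never writes past the buffer, but it silently truncates, so a caller that wants to know the alert text is complete has to check the return value rather than assume the 80-byte buffer is large enough for every count.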