From the stack trace the culprit is:
    char cnt[40];
    sprintf(cnt, " mismatches found: %d (on raid level %d)",
            sra->mismatch_cnt, array.level);
    alert("RebuildFinished", dev, cnt, ainfo);
If mismatch_cnt > 99, then the buffer will overflow. In the crash report, it looks like the submitter had 1536 in mismatch_cnt.
It looks like this has already been fixed in Quantal, which now has:
    char cnt[80];
    snprintf(cnt, sizeof(cnt), " mismatches found: %d (on raid level %d)",
             sra->mismatch_cnt, array.level);
    alert("RebuildFinished", dev, cnt, ainfo);
Lucid, Natty and Oneiric use a shorter format string, so I don't think this bug exists there. So Precise is the only version affected.
Marking this as Fix Released as it is fixed in Quantal, and nominating Precise.
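The buffer arithmetic discussed in the comment above, as an added example (not code from mdadm or from the commenter): it measures how many bytes the quoted format string needs and shows the bounded call reporting truncation instead of overflowing. The helper names and the RAID level of 5 are assumptions made for illustration; the value 1536 is the one mentioned in the crash report.

```c
#include <stdio.h>
#include <string.h>
#include <limits.h>

/* Format string as quoted in the comment above. */
#define MISMATCH_FMT " mismatches found: %d (on raid level %d)"

/* Bytes needed, including the terminating NUL, to hold the message.
 * snprintf(NULL, 0, ...) measures the output without writing it (C99). */
static int needed_bytes(int mismatch_cnt, int level)
{
    int n = snprintf(NULL, 0, MISMATCH_FMT, mismatch_cnt, level);
    return n < 0 ? -1 : n + 1;
}

/* Bounded formatting (hypothetical helper).
 * Returns 1 if the whole message fit, 0 if it was truncated, -1 on error. */
static int format_checked(char *buf, size_t len, int mismatch_cnt, int level)
{
    int n = snprintf(buf, len, MISMATCH_FMT, mismatch_cnt, level);
    if (n < 0)
        return -1;
    return (size_t)n < len;
}

int main(void)
{
    char small[40], big[80];
    int level = 5; /* constructed value: the page does not give the level */

    printf("need %d bytes for cnt=99, %d for cnt=100, %d for cnt=1536\n",
           needed_bytes(99, level), needed_bytes(100, level),
           needed_bytes(1536, level));

    /* 40-byte buffer: snprintf stops at 39 characters and reports truncation. */
    printf("40-byte buffer fits: %d (stored %zu chars)\n",
           format_checked(small, sizeof(small), 1536, level), strlen(small));

    /* 80-byte buffer: fits, and still fits for the widest possible ints. */
    printf("80-byte buffer fits: %d, worst case needs %d bytes\n",
           format_checked(big, sizeof(big), 1536, level),
           needed_bytes(INT_MIN, INT_MIN));
    return 0;
}
```

The worst-case figure assumes a 32-bit `int`, where each `%d` expands to at most 11 characters.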