top: Prevent integer overflows in procs_refresh().
This is very similar to our patch against integer overflows in readproctab*().
This commit is contained in:
parent
b6be15d3cb
commit
131e5e2fe6
16
top/top.c
16
top/top.c
@ -22,6 +22,7 @@
|
||||
#include <fcntl.h>
|
||||
#include <float.h>
|
||||
#include <limits.h>
|
||||
#include <stdint.h>
|
||||
#include <pwd.h>
|
||||
#include <signal.h>
|
||||
#include <stdarg.h>
|
||||
@ -2717,6 +2718,15 @@ static inline void hstput (unsigned idx) {
|
||||
#undef _HASH_
|
||||
#endif
|
||||
|
||||
|
||||
#define grow_by_size(nmemb, over, size) do { \
|
||||
if ((nmemb) < 0 || (size_t)(nmemb) >= INT_MAX / 5) \
|
||||
error_exit("integer overflow in procs_refresh"); \
|
||||
(nmemb) = (nmemb) * 5 / 4 + (over); \
|
||||
if ((nmemb) < 0 || (size_t)(nmemb) >= SSIZE_MAX / (size)) \
|
||||
error_exit("integer overflow in procs_refresh"); \
|
||||
} while (0)
|
||||
|
||||
/*
|
||||
* Refresh procs *Helper* function to eliminate yet one more need
|
||||
* to loop through our darn proc_t table. He's responsible for:
|
||||
@ -2788,7 +2798,7 @@ static void procs_hlp (proc_t *this) {
|
||||
}
|
||||
|
||||
if (Frame_maxtask+1 >= HHist_siz) {
|
||||
HHist_siz = HHist_siz * 5 / 4 + 100;
|
||||
grow_by_size(HHist_siz, 100, sizeof(HST_t));
|
||||
PHist_sav = alloc_r(PHist_sav, sizeof(HST_t) * HHist_siz);
|
||||
PHist_new = alloc_r(PHist_new, sizeof(HST_t) * HHist_siz);
|
||||
}
|
||||
@ -2850,7 +2860,7 @@ static void procs_refresh (void) {
|
||||
|
||||
for (;;) {
|
||||
if (n_used == n_alloc) {
|
||||
n_alloc = 10 + ((n_alloc * 5) / 4); // grow by over 25%
|
||||
grow_by_size(n_alloc, 10, sizeof(proc_t*));
|
||||
private_ppt = alloc_r(private_ppt, sizeof(proc_t*) * n_alloc);
|
||||
// ensure NULL pointers for the additional memory just acquired
|
||||
memset(private_ppt + n_used, 0, sizeof(proc_t*) * (n_alloc - n_used));
|
||||
@ -2877,6 +2887,8 @@ static void procs_refresh (void) {
|
||||
#undef n_used
|
||||
} // end: procs_refresh
|
||||
|
||||
#undef grow_by_size
|
||||
|
||||
|
||||
/*
|
||||
* This serves as our interface to the memory & cpu count (sysinfo)
|
||||
|
Loading…
Reference in New Issue
Block a user