From 7bc47797188f90b61c15018dec5f46b8e71a3fe1 Mon Sep 17 00:00:00 2001 From: Qualys Security Advisory Date: Thu, 1 Jan 1970 00:00:00 +0000 Subject: [PATCH] 0095-pmap: Fix extended mode in one_proc(). Check the return value of sscanf() to make sure that all input items are properly initialized. In extended mode (x_option), one_proc() loads the values of start and perms during one iteration of the while loop, and displays them during one of the following iterations, but start and perms are variables local to the while loop: move them out of the while loop, to the beginning of the function. Also, display a mapping only if cp2 is properly initialized; otherwise (for example), mappings that do not belong to a selected range are displayed, and with a NULL mapping name: $ pmap -x -A 6FFF00000000,7FFF00000000 $$ ... Address Kbytes RSS Dirty Mode Mapping 000055b3d1e9b000 0 912 0 r-xp (null) 000055b3d2194000 0 16 16 r--p (null) 000055b3d2198000 0 36 36 rw-p (null) ... Removed const as this causes problems elsewhere. Signed-off-by: Craig Small --- pmap.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/pmap.c b/pmap.c index f2bb555c..9f06c918 100644 --- a/pmap.c +++ b/pmap.c @@ -525,6 +525,8 @@ static int one_proc (struct pids_stack *p) unsigned long total_private_readonly = 0ul; unsigned long total_private_writeable = 0ul; unsigned long diff = 0; + unsigned long end; + char perms[32] = ""; const char *cp2 = NULL; unsigned long long rss = 0ull; unsigned long long private_dirty = 0ull; @@ -585,10 +587,8 @@ static int one_proc (struct pids_stack *p) } while (fgets(mapbuf, sizeof mapbuf, fp)) { - char perms[32]; /* to clean up unprintables */ char *tmp; - unsigned long end; unsigned long long file_offset, inode; unsigned dev_major, dev_minor; unsigned long long smap_value; 
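Review bot: In the first hunk `end` is hoisted to function scope without an initializer, while `perms` and `cp2` beside it each get one. The move exists so these values survive from the iteration that loads them to a later one that uses them, so I would write `unsigned long end = 0;`. The description also says the sscanf() return value is now checked, but none of the three hunks touches an sscanf() call, and together they already account for the 14 insertions and 11 deletions in the diffstat, so that check appears not to be part of this patch. If the parse inside the loop can match fewer items than expected, the zero initializer is what keeps a first-iteration read of `end` defined. one_proc() begins and ends outside these hunks, so the parse itself is not visible here.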
@@ -614,17 +614,20 @@ static int one_proc (struct pids_stack *p)
 continue;
 }
 if (strcmp("Swap", smap_key) == 0) {
- /*doesn't matter as long as last */
- printf("%0*lx %*lu %*llu %*llu %*s %s\n",
- maxw1, start_To_Avoid_Warning,
- maxw2, (unsigned long)(diff >> 10),
- maxw3, rss,
- maxw4, (private_dirty + shared_dirty),
- maxw5, perms,
- cp2);
+ /* doesn't matter as long as last */
+ if (cp2)
+ printf("%0*lx %*lu %*llu %*llu %*s %s\n",
+ maxw1, start_To_Avoid_Warning,
+ maxw2, (unsigned long)(diff >> 10),
+ maxw3, rss,
+ maxw4, (private_dirty + shared_dirty),
+ maxw5, perms,
+ cp2);
 /* reset some counters */
 rss = shared_dirty = private_dirty = 0ull;
- diff = 0;
+ diff = end = 0;
+ perms[0] = '\0';
+ cp2 = NULL;
 continue;
 }
 }
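Review bot: The new `if (cp2)` guards a seven-line `printf` call without braces, so a later edit could add a statement that looks guarded by indentation but is not; I would brace it as `if (cp2) { printf(...); }`. The reset block clears `diff`, `end`, `perms` and `cp2` but not `start_To_Avoid_Warning`, so this guard is the only thing keeping a stale address from being printed for a mapping that, per the description, was outside the selected range. That invariant deserves to be stated in place of the terse comment, for example `/* "Swap" is handled as the last key of a mapping; cp2 stays NULL for mappings that were not selected */`. The enclosing while loop and the code that assigns `cp2` are outside this hunk, so the claim that `cp2` is set only for selected mappings rests on the commit message.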