top: Check graph_cpus, graph_mems, and summ_mscale.
Otherwise they lead to out-of-bounds reads and format-string bugs. Since these variables are set/written to in several places (for example, config_file()), check them in the only place where they are read/used. Also, constify the static gtab[]s.
This commit is contained in:
parent
bd91bbf7f1
commit
cd8ba5670e
21
top/top.c
21
top/top.c
@ -5399,13 +5399,13 @@ static void summary_hlp (CPU_t *cpu, const char *pfx) {
|
|||||||
|
|
||||||
/* display some kinda' cpu state percentages
|
/* display some kinda' cpu state percentages
|
||||||
(who or what is explained by the passed prefix) */
|
(who or what is explained by the passed prefix) */
|
||||||
if (Curwin->rc.graph_cpus) {
|
static const struct {
|
||||||
static struct {
|
|
||||||
const char *user, *syst, *type;
|
const char *user, *syst, *type;
|
||||||
} gtab[] = {
|
} gtab[] = {
|
||||||
{ "%-.*s~7", "%-.*s~8", Graph_bars },
|
{ "%-.*s~7", "%-.*s~8", Graph_bars },
|
||||||
{ "%-.*s~4", "%-.*s~6", Graph_blks }
|
{ "%-.*s~4", "%-.*s~6", Graph_blks }
|
||||||
};
|
};
|
||||||
|
if (Curwin->rc.graph_cpus >= 1 && (size_t)Curwin->rc.graph_cpus <= sizeof(gtab) / sizeof(gtab[0])) {
|
||||||
char user[SMLBUFSIZ], syst[SMLBUFSIZ], dual[MEDBUFSIZ];
|
char user[SMLBUFSIZ], syst[SMLBUFSIZ], dual[MEDBUFSIZ];
|
||||||
int ix = Curwin->rc.graph_cpus - 1;
|
int ix = Curwin->rc.graph_cpus - 1;
|
||||||
float pct_user = (float)(u_frme + n_frme) * scale,
|
float pct_user = (float)(u_frme + n_frme) * scale,
|
||||||
@ -5520,12 +5520,6 @@ numa_nope:
|
|||||||
} // end: View_STATES
|
} // end: View_STATES
|
||||||
|
|
||||||
// Display Memory and Swap stats
|
// Display Memory and Swap stats
|
||||||
if (isROOM(View_MEMORY, 2)) {
|
|
||||||
#define bfT(n) buftab[n].buf
|
|
||||||
#define scT(e) scaletab[Rc.summ_mscale]. e
|
|
||||||
#define mkM(x) (float)kb_main_ ## x / scT(div)
|
|
||||||
#define mkS(x) (float)kb_swap_ ## x / scT(div)
|
|
||||||
#define prT(b,z) { if (9 < snprintf(b, 10, scT(fmts), z)) b[8] = '+'; }
|
|
||||||
static struct {
|
static struct {
|
||||||
float div;
|
float div;
|
||||||
const char *fmts;
|
const char *fmts;
|
||||||
@ -5546,6 +5540,13 @@ numa_nope:
|
|||||||
{ 1024.0*1024*1024*1024*1024, "%#.1f ", NULL } // exbibytes
|
{ 1024.0*1024*1024*1024*1024, "%#.1f ", NULL } // exbibytes
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
if (isROOM(View_MEMORY, 2) &&
|
||||||
|
Rc.summ_mscale >= 0 && (size_t)Rc.summ_mscale < sizeof(scaletab) / sizeof(scaletab[0])) {
|
||||||
|
#define bfT(n) buftab[n].buf
|
||||||
|
#define scT(e) scaletab[Rc.summ_mscale]. e
|
||||||
|
#define mkM(x) (float)kb_main_ ## x / scT(div)
|
||||||
|
#define mkS(x) (float)kb_swap_ ## x / scT(div)
|
||||||
|
#define prT(b,z) { if (9 < snprintf(b, 10, scT(fmts), z)) b[8] = '+'; }
|
||||||
struct { // 0123456789
|
struct { // 0123456789
|
||||||
// snprintf contents of each buf (after SK_Kb): 'nnnn.nnn 0'
|
// snprintf contents of each buf (after SK_Kb): 'nnnn.nnn 0'
|
||||||
// and prT macro might replace space at buf[8] with: ------> +
|
// and prT macro might replace space at buf[8] with: ------> +
|
||||||
@ -5561,13 +5562,13 @@ numa_nope:
|
|||||||
scaletab[5].label = N_txt(AMT_exxabyte_txt);
|
scaletab[5].label = N_txt(AMT_exxabyte_txt);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (w->rc.graph_mems) {
|
static const struct {
|
||||||
static struct {
|
|
||||||
const char *used, *misc, *swap, *type;
|
const char *used, *misc, *swap, *type;
|
||||||
} gtab[] = {
|
} gtab[] = {
|
||||||
{ "%-.*s~7", "%-.*s~8", "%-.*s~8", Graph_bars },
|
{ "%-.*s~7", "%-.*s~8", "%-.*s~8", Graph_bars },
|
||||||
{ "%-.*s~4", "%-.*s~6", "%-.*s~6", Graph_blks }
|
{ "%-.*s~4", "%-.*s~6", "%-.*s~6", Graph_blks }
|
||||||
};
|
};
|
||||||
|
if (w->rc.graph_mems >= 1 && (size_t)w->rc.graph_mems <= sizeof(gtab) / sizeof(gtab[0])) {
|
||||||
char used[SMLBUFSIZ], util[SMLBUFSIZ], dual[MEDBUFSIZ];
|
char used[SMLBUFSIZ], util[SMLBUFSIZ], dual[MEDBUFSIZ];
|
||||||
float pct_used, pct_misc, pct_swap;
|
float pct_used, pct_misc, pct_swap;
|
||||||
int ix, num_used, num_misc;
|
int ix, num_used, num_misc;
|
||||||
|
Loading…
Reference in New Issue
Block a user