top: Check graph_cpus, graph_mems, and summ_mscale.

Otherwise they lead to out-of-bounds reads and format-string bugs.

Since these variables are set/written to in several places (for example,
config_file()), check them in the only place where they are read/used.

Also, constify the static gtab[]s.
This commit is contained in:
Qualys Security Advisory - committed by Craig Small
parent bd91bbf7f1
commit cd8ba5670e

View File

@ -5399,13 +5399,13 @@ static void summary_hlp (CPU_t *cpu, const char *pfx) {
/* display some kinda' cpu state percentages /* display some kinda' cpu state percentages
(who or what is explained by the passed prefix) */ (who or what is explained by the passed prefix) */
if (Curwin->rc.graph_cpus) { static const struct {
static struct {
const char *user, *syst, *type; const char *user, *syst, *type;
} gtab[] = { } gtab[] = {
{ "%-.*s~7", "%-.*s~8", Graph_bars }, { "%-.*s~7", "%-.*s~8", Graph_bars },
{ "%-.*s~4", "%-.*s~6", Graph_blks } { "%-.*s~4", "%-.*s~6", Graph_blks }
}; };
if (Curwin->rc.graph_cpus >= 1 && (size_t)Curwin->rc.graph_cpus <= sizeof(gtab) / sizeof(gtab[0])) {
char user[SMLBUFSIZ], syst[SMLBUFSIZ], dual[MEDBUFSIZ]; char user[SMLBUFSIZ], syst[SMLBUFSIZ], dual[MEDBUFSIZ];
int ix = Curwin->rc.graph_cpus - 1; int ix = Curwin->rc.graph_cpus - 1;
float pct_user = (float)(u_frme + n_frme) * scale, float pct_user = (float)(u_frme + n_frme) * scale,
@ -5520,12 +5520,6 @@ numa_nope:
} // end: View_STATES } // end: View_STATES
// Display Memory and Swap stats // Display Memory and Swap stats
if (isROOM(View_MEMORY, 2)) {
#define bfT(n) buftab[n].buf
#define scT(e) scaletab[Rc.summ_mscale]. e
#define mkM(x) (float)kb_main_ ## x / scT(div)
#define mkS(x) (float)kb_swap_ ## x / scT(div)
#define prT(b,z) { if (9 < snprintf(b, 10, scT(fmts), z)) b[8] = '+'; }
static struct { static struct {
float div; float div;
const char *fmts; const char *fmts;
@ -5546,6 +5540,13 @@ numa_nope:
{ 1024.0*1024*1024*1024*1024, "%#.1f ", NULL } // exbibytes { 1024.0*1024*1024*1024*1024, "%#.1f ", NULL } // exbibytes
#endif #endif
}; };
if (isROOM(View_MEMORY, 2) &&
Rc.summ_mscale >= 0 && (size_t)Rc.summ_mscale < sizeof(scaletab) / sizeof(scaletab[0])) {
#define bfT(n) buftab[n].buf
#define scT(e) scaletab[Rc.summ_mscale]. e
#define mkM(x) (float)kb_main_ ## x / scT(div)
#define mkS(x) (float)kb_swap_ ## x / scT(div)
#define prT(b,z) { if (9 < snprintf(b, 10, scT(fmts), z)) b[8] = '+'; }
struct { // 0123456789 struct { // 0123456789
// snprintf contents of each buf (after SK_Kb): 'nnnn.nnn 0' // snprintf contents of each buf (after SK_Kb): 'nnnn.nnn 0'
// and prT macro might replace space at buf[8] with: ------> + // and prT macro might replace space at buf[8] with: ------> +
@ -5561,13 +5562,13 @@ numa_nope:
scaletab[5].label = N_txt(AMT_exxabyte_txt); scaletab[5].label = N_txt(AMT_exxabyte_txt);
} }
if (w->rc.graph_mems) { static const struct {
static struct {
const char *used, *misc, *swap, *type; const char *used, *misc, *swap, *type;
} gtab[] = { } gtab[] = {
{ "%-.*s~7", "%-.*s~8", "%-.*s~8", Graph_bars }, { "%-.*s~7", "%-.*s~8", "%-.*s~8", Graph_bars },
{ "%-.*s~4", "%-.*s~6", "%-.*s~6", Graph_blks } { "%-.*s~4", "%-.*s~6", "%-.*s~6", Graph_blks }
}; };
if (w->rc.graph_mems >= 1 && (size_t)w->rc.graph_mems <= sizeof(gtab) / sizeof(gtab[0])) {
char used[SMLBUFSIZ], util[SMLBUFSIZ], dual[MEDBUFSIZ]; char used[SMLBUFSIZ], util[SMLBUFSIZ], dual[MEDBUFSIZ];
float pct_used, pct_misc, pct_swap; float pct_used, pct_misc, pct_swap;
int ix, num_used, num_misc; int ix, num_used, num_misc;