In proc/slab.c, functions parse_slabinfo20() and parse_slabinfo11(),
sscanf() might overflow curr->name, because "String input conversions
store a terminating null byte ('\0') to mark the end of the input; the
maximum field width does not include this terminator."
Add one byte to name[] for this terminator.
Otherwise this can truncate sizes on 64-bit platforms, and is one of the
reasons the integer overflows in file2strvec() are exploitable at all.
Also: catch potential integer overflow in xstrdup() (should never
happen, but better safe than sorry), and use memcpy() instead of
strcpy() (faster).
Warnings:
- in glibc, realloc(ptr, 0) is equivalent to free(ptr), but not here,
because of the ++size;
- here, xstrdup() can return NULL (if str is NULL), which goes against
the idea of the xalloc wrappers.
We were tempted to call exit() or xerrx() in those cases, but decided
against it, because it might break things in unexpected places; TODO?
This can disclose information from the stack, but is unlikely to have a
security impact in the context of the procps utilities:
user@debian:~$ w 2>&1 | xxd
00000000: a03c 79b7 1420 6661 696c 6564 2074 6f20 .<y.. failed to
00000010: 616c 6c6f 6361 7465 2033 3232 3137 3439 allocate 3221749
00000020: 3738 3020 6279 7465 7320 6f66 206d 656d 780 bytes of mem
00000030: 6f72 79 ory
Do not memleak "copy" in case of an error.
Do not use "sizeof(converted)" in snprintf(), since "converted" is a
"char *" (luckily, 8 >= sizeof(char *)). Also, remove "sizeof(char)"
which is guaranteed to be 1 by the C standard, and replace 8 with 12,
which is enough to hold any stringified int and does not consume more
memory (in both cases, the glibc malloc()ates a minimum-sized chunk).
sig.c had this odd logic where on non-Hurd systems it would undefine
SIGLOST. Fine for Hurd or amd64 Linux systems. Bad for a sparc which
has SIGLOST defined *and* is not Hurd.
Just check its defined, its much simpler.
The procio functions that were in the library have been
moved into sysctl. sysctl is not linked to libprocps in
newlib and none of the other procps binaries would need
to read/write large data to the procfs.
References:
be6b048a41
to be able to read and write large buffers below /proc.
The buffers and file offsets are handled dynamically
on the required buffer size at read, that is lseek(2)
is used to determine this size. Large buffers at
write are split at a delimeter into pieces and also
lseek(2) is used to write each of them.
Signed-off-by: Werner Fink <werner@suse.de>
Since the value of number_of_signals is known at compile time, we can
use a compile-time check instead. This also adds SIGLOST for the Hurd,
uses the correct signal counts for the Hurd and FreeBSD, and only gives
a compile-time warning when compiled on an unknown platform that it does
not know whether the number of signals is correct.
There is no longer justification for placing a typedef
employed in overriding that alloc.h message handler in
the procps.h header file. So this commit just moves it
to the alloc.h header file itself where's it's needed!
[ gosh, sure wish i had thought to relocate this guy ]
[ when the changes in the 1st commit shown were made ]
Reference(s):
. most recent related changes
commit 18e5aecd2b
. place where it *should* have been relocated
commit 2865ded64e
Signed-off-by: Jim Warner <james.warner@comcast.net>
Way back in November of 2011, the library was equipped
with an overridable error message handler function. It
was done expressly for a program like top which alters
the tty. But that support was withdrawn shortly after.
This was all done in the lead up to v3.3.2. That's the
release where NLS support was added and it represented
a hectic time. In hindsight, the changes went too far.
So this commit, in a minimal fashion, restores ability
to address a potential fatal library error. After all,
any properly behaving library would never unilaterally
subject a caller to a stderr message and then an exit.
[ when exposing 1 variable in libprocps.sym, 2 other ]
[ existing symbols were repositioned alphabetically. ]
Reference(s):
. generalized library memory provisions
commit 7126cc4491
. top exploit library memory provisions
commit 88087ec5a5
. library xalloc type functions made private
commit 2865ded64e
. restored prior top memory logic
commit 05f5deb97c
Signed-off-by: Jim Warner <james.warner@comcast.net>
When supplying the -p command to uptime, it does not display any
sections where the value is less than 1; however, after a reboot, this
causes the command to just output "up". Showing 0 minutes when the
system has been up for less than a minute makes it clear a reboot just
occurred.
The combined results of merge request #49 without that
overhead plus distortion in this repository's history.
Prototyped-by: Wayne Porter <wporter82@gmail.com>
In response to that suggestion referenced below, these
changes allow display of task/thread level NUMA nodes.
Currently, only the 'top' program offers any NUMA type
support and it is limited to the Summary Area display.
With this commit both the 'top' and 'ps' programs will
be able to display NUMA nodes associated with threads.
[ this patch has been adapted from the newlib branch ]
[ and implemented so as to preserve the existing ABI ]
Reference(s):
https://gitlab.com/procps-ng/procps/issues/58
Signed-off-by: Jim Warner <james.warner@comcast.net>
Reference(s):
proc/readproc.c: In function 'statm2proc'
proc/readproc.c:627:9: warning: variable 'num' set but not used [-Wunused-but-set-variable]
ps/output.c: In function 'pr_context':
ps/output.c:1273:14: warning: unused variable 'tried_load' [-Wunused-variable]
ps/output.c:1272:16: warning: unused variable 'ps_is_selinux_enabled' [-Wunused-variable]
ps/output.c:1272:16: warning: 'ps_is_selinux_enabled' defined but not used [-Wunused-variable]
ps/output.c:1273:14: warning: 'tried_load' defined but not used [-Wunused-variable]
ps/output.c:1837:18: warning: 'shortsort_array_count' defined but not used [-Wunused-const-variable=]
ps/output.c:1803:18: warning: 'aix_array_count' defined but not used [-Wunused-const-variable=]
ps/parser.c: In function 'arg_type':
ps/parser.c:1098:3: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
ps/parser.c:1099:34: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
ps/sortformat.c: In function 'format_parse':
ps/sortformat.c:241:1: warning: label 'out' defined but not used [-Wunused-label]
ps/stacktrace.c:176:13: warning: 'stack_trace_sigsegv' defined but not used [-Wunused-function]
watch.c: In function 'process_ansi':
watch.c:234:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
watch.c:237:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
Signed-off-by: Jim Warner <james.warner@comcast.net>
The commit (merge) referenced below added some useless
trailing whitespace, and this patch will correct such.
[ this also updates the NEWS file for the buglet fix ]
Gosh, if folks cannot coax their editors into avoiding
such crap they should remove the '.sample' suffix from
their '.git/hooks/pre-commit.sample' file. Thereafter,
git itself will reject changes with whitespace errors.
Reference(s):
commit cc1f49aeba
Signed-off-by: Jim Warner <james.warner@comcast.net>
In some environments, 100 * nr_active_objs is calculated at first,
and the result of lower 32bits is divided by nr_objs. This occurs
even in a 64-bit architecture. So nr_active_objes > 42949672, %use
will be incorrect.
This fix casts type of nr_active_objs to float to calculate
correctly the %use in 32-bit/64-bit architectures.
Signed-off-by: Takayuki Nagata <tnagata@redhat.com>
This reverts commit 99d71ad581.
When nr_active_objs / nr_objs is calculated, the result will be 1
or 0 since the variables are integer. So the commit is wrong.
kill -l SIGHUP (or any other signal-name prefixed with "SIG")
would cause free() to be called with a bad pointer instead of
a pointer to what was allocated. Fix this and add test-case.
FreeBSD doesn't have SIGPWR so makes no sense in warning and assuming
its 29.
References:
https://bugs.debian/org/832148
Signed-off-by: Craig Small <csmall@enc.com.au>
Profiling revealed a large amount of time spent in the
'escape_str_utf8' function (escape.c) with both of our
NLS branches (newlib and master). That same result was
not seen under an ancient top-3.2.8 program & library.
Well, the 3.2.8 result was ultimately explained by the
absence of a 'setlocale', necessary under NLS support.
Thus, when that ancient library tested for locale, all
it got was 'ANSI_...' & assumed 'UTF-8' wasn't active.
But after a hack to that ancient code to place it on a
par with newlib/master, I still found cost differences
that led me to revisit an old change referenced below.
It turns out that 'iswprint' costs far more than would
a call of 'isprint', even with the extra support code.
So this commit just reverts that five year old change.
[ this patch parallels a similar change under newlib ]
Reference(s):
commit 7b0fc19e9d
Signed-off-by: Jim Warner <james.warner@comcast.net>
Fixing invalid reads in find_elf_note due to setenv invocation
Resolves issue on mailing list from 12 Nov 2014 and Red Hat Bugzilla 1163404.
See merge request !20
For a specific slice of kernel versions we can get a better
estimate of the available memory before the "real" available
figure appears around kernel 3.2
However, that middle method requires a /proc/sys/vm directory.
FreeBSD 9.x used to emulate a < 2.6.27 kernel procfs meaning
it never tried the middle method. FreeBSD 10.x emulates something
more modern, but without the available figure and without a
/proc/sys/vm, so the library falls into a hole.
Hurd may to one day have this bug so we'll exclude him as well
as its triggered by whatever number appears in
/proc/sys/kernel/osrelease
References:
commit 3f3b1a59adhttps://bugs.debian.org/831396
For this release, what's likely to be our last oldlib,
we really no longer care when top or ps threads access
is made a little less efficient. This is especially so
when efficiency was gained at the expense of accuracy.
The newlib branch already has turned off QUICK_THREADS
so this patch just brings the master branch into line.
Reference(s):
https://bugzilla.redhat.com/show_bug.cgi?id=1284091
Signed-off-by: Jim Warner <james.warner@comcast.net>
On MacOS the system already has user_from_uid and group_from_gid.
These are renamed pwcache_get_user and pwcache_get_group.
For the old library, pwcache_get_user needs to be exported
for skill.
References:
https://gitlab.com/procps-ng/procps/issues/34
Signed-off-by: Craig Small <csmall@enc.com.au>
Since we're about to break the ABI/API anyway, why not
go ahead and add yet another field to our proc_t which
the newlib branch has had for awhile. This then allows
the top program to offer 'control group name' and will
also permit a few reductions in that ps program logic.
And let's also clean up some unrelated warnings below.
Clang warnings:
proc/readproc.c:1178:50: warning: address of array 'ent->d_name' will always evaluate to 'true' [-Wpointer-bool-conversion]
if(unlikely(unlikely(!ent) || unlikely(!ent->d_name))) return 0;
~~~~~~^~~~~~
proc/readproc.c:1205:50: warning: address of array 'ent->d_name' will always evaluate to 'true' [-Wpointer-bool-conversion]
if(unlikely(unlikely(!ent) || unlikely(!ent->d_name))) return 0;
~~~~~~^~~~~~
Signed-off-by: Jim Warner <james.warner@comcast.net>
The procps library attempts to work out the tty of a process
through several methods. For things like /dev/tty123 or
/dev/foo it works fine.
For tty devices that put the minor number in a directory
of the major name this fails. So then we have to fallback
to stating things like the processes STDERR and try again.
Considering a lot of processes sit on ttys such as
/dev/pts/3 this is a lot of wasted time. At the point of
entering driver_name we know "/dev/pts" and we know "3"
we just didn't join them up the right way as this is old
code.
This change now looks for /dev/pts/3 as well. It does it
after looking for /dev/pts3 so the behaviour is the same.
References:
https://bugs.debian.org/770215
Signed-off-by: Craig Small <csmall@enc.com.au>
The former variable length structure created potential
problems for library users like that referenced below.
We will now parallel the same approach newlib uses for
the configure options --enable-oomem & --with-systemd.
Thus, the --enable-oomem and OOMEM_ENABLE #define have
been eliminated and the --with-systemd option (#define
WITH_SYSTEMD) will hereafter impact one function only.
The proc_t struct itself will now *never* be impacted.
Reference(s):
https://gitlab.com/procps-ng/procps/issues/31
Signed-off-by: Jim Warner <james.warner@comcast.net>
Since support already exists in the newlib branch this
represents an equivalent master branch implementation,
and this commit message is shared with 2 more patches.
Beginning with linux-4.5, the following new fields are
being added under that /proc/<pid>/status pseudo file:
. RssAnon - size of resident anonymous memory
. RssFile - size of resident file mappings
. RssShmem - size of resident shared memory
p.s. Locked resident memory support was also added but
isn't directly related to the kernel 4.5 enhancements.
p.p.s. Archlinux, Debian-stretch and Fedora-23 already
are currently using a 4.5 linux kernel (as of 6/2/16).
Signed-off-by: Jim Warner <james.warner@comcast.net>
In some environments, 100 * nr_active_objs is calculated at first,
and lower 32bit of the result is divided by nr_objs.
If 100 * nr_active_objs > 42949672, %use will be incorrect.
Signed-off-by: Takayuki Nagata <tnagata@redhat.com>
Multiple scanf()s use the GNU-permitted %Lu. This is not supported in
other libraries and isn't to the POSIX specification. The L modifier
is only used for floats in POSIX.
Replacing %Lu with %llu is the same for GNU libc (scanf(3) says as much)
but means other libraries will work fine.
Closes: #19
References:
http://pubs.opengroup.org/onlinepubs/009695399/functions/fscanf.html
wish folks (craig) would use these in their .gitconfig
[core]
whitespace = trailing-space, space-before-tab, blank-at-eof
[apply]
whitespace = warn
Signed-off-by: Jim Warner <james.warner@comcast.net>