top: Prevent integer overflows in procs_re... REVERTED
That patch referenced below is being reverted because:
. By design, no other top macro looks like a function.
Instead, they all contain some minimal capitalization.
The 'grow_by_size' macro stands out like a sore thumb.
. We would need to approach 400+ million tasks for for
the 1st addressed problem to produce integer overflow.
. And a 2nd check against SSIZE_MAX remains a mystery.
Me thinks a system on which top is running will suffer
ENOMEM before we need to worry about integer overflow.
Reference(s):
. original qualys patch
0105-top-Prevent-integer-overflows-in-procs_refresh.patch
commit 131e5e2fe6
Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is contained in:
Jim Warner
Craig Small
parent
3b2235c266
commit
c9dfcdebdc
16
top/top.c
16
top/top.c
@ -22,7 +22,6 @@
|
||||
#include <fcntl.h>
|
||||
#include <float.h>
|
||||
#include <limits.h>
|
||||
#include <stdint.h>
|
||||
#include <pwd.h>
|
||||
#include <signal.h>
|
||||
#include <stdarg.h>
|
||||
@ -2727,15 +2726,6 @@ static inline void hstput (unsigned idx) {
|
||||
#undef _HASH_
|
||||
#endif
|
||||
|
||||
|
||||
#define grow_by_size(nmemb, over, size) do { \
|
||||
if ((nmemb) < 0 || (size_t)(nmemb) >= INT_MAX / 5) \
|
||||
error_exit("integer overflow in procs_refresh"); \
|
||||
(nmemb) = (nmemb) * 5 / 4 + (over); \
|
||||
if ((nmemb) < 0 || (size_t)(nmemb) >= SSIZE_MAX / (size)) \
|
||||
error_exit("integer overflow in procs_refresh"); \
|
||||
} while (0)
|
||||
|
||||
/*
|
||||
* Refresh procs *Helper* function to eliminate yet one more need
|
||||
* to loop through our darn proc_t table. He's responsible for:
|
||||
@ -2807,7 +2797,7 @@ static void procs_hlp (proc_t *this) {
|
||||
}
|
||||
|
||||
if (Frame_maxtask+1 >= HHist_siz) {
|
||||
grow_by_size(HHist_siz, 100, sizeof(HST_t));
|
||||
HHist_siz = HHist_siz * 5 / 4 + 100;
|
||||
PHist_sav = alloc_r(PHist_sav, sizeof(HST_t) * HHist_siz);
|
||||
PHist_new = alloc_r(PHist_new, sizeof(HST_t) * HHist_siz);
|
||||
}
|
||||
@ -2869,7 +2859,7 @@ static void procs_refresh (void) {
|
||||
|
||||
for (;;) {
|
||||
if (n_used == n_alloc) {
|
||||
grow_by_size(n_alloc, 10, sizeof(proc_t*));
|
||||
n_alloc = 10 + ((n_alloc * 5) / 4); // grow by over 25%
|
||||
private_ppt = alloc_r(private_ppt, sizeof(proc_t*) * n_alloc);
|
||||
// ensure NULL pointers for the additional memory just acquired
|
||||
memset(private_ppt + n_used, 0, sizeof(proc_t*) * (n_alloc - n_used));
|
||||
@ -2896,8 +2886,6 @@ static void procs_refresh (void) {
|
||||
#undef n_used
|
||||
} // end: procs_refresh
|
||||
|
||||
#undef grow_by_size
|
||||
|
||||
|
||||
/*
|
||||
* This serves as our interface to the memory & cpu count (sysinfo)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user