emo/procps
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

top: Prevent integer overflows in procs_re... REVERTED

Browse Source 
That patch referenced below is being reverted because:

. By design, no other top macro looks like a function.
Instead, they all contain some minimal capitalization.
The 'grow_by_size' macro stands out like a sore thumb.

. We would need to approach 400+ million tasks for for
the 1st addressed problem to produce integer overflow.

. And a 2nd check against SSIZE_MAX remains a mystery.

Me thinks a system on which top is running will suffer
ENOMEM before we need to worry about integer overflow.

Reference(s):
. original qualys patch
0105-top-Prevent-integer-overflows-in-procs_refresh.patch
commit 131e5e2fe63f29edfc7df04b2b2a1682d93af846

Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is contained in:
Jim Warner 2018-05-18 00:00:00 -05:00 committed by Craig Small
parent 3b2235c266
commit c9dfcdebdc
1 changed files with 2 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
top/top.c
View File

@ -22,7 +22,6 @@
#include <fcntl.h> #include <fcntl.h>
#include <float.h> #include <float.h>
#include <limits.h> #include <limits.h>
#include <stdint.h>
#include <pwd.h> #include <pwd.h>
#include <signal.h> #include <signal.h>
#include <stdarg.h> #include <stdarg.h>
@ -2727,15 +2726,6 @@ static inline void hstput (unsigned idx) {
#undef _HASH_ #undef _HASH_
#endif #endif
#define grow_by_size(nmemb, over, size) do { \
if ((nmemb) < 0 || (size_t)(nmemb) >= INT_MAX / 5) \
error_exit("integer overflow in procs_refresh"); \
(nmemb) = (nmemb) * 5 / 4 + (over); \
if ((nmemb) < 0 || (size_t)(nmemb) >= SSIZE_MAX / (size)) \
error_exit("integer overflow in procs_refresh"); \
} while (0)
/* /*
* Refresh procs *Helper* function to eliminate yet one more need * Refresh procs *Helper* function to eliminate yet one more need
* to loop through our darn proc_t table. He's responsible for: * to loop through our darn proc_t table. He's responsible for:
@ -2807,7 +2797,7 @@ static void procs_hlp (proc_t *this) {
} }
if (Frame_maxtask+1 >= HHist_siz) { if (Frame_maxtask+1 >= HHist_siz) {
grow_by_size(HHist_siz, 100, sizeof(HST_t)); HHist_siz = HHist_siz * 5 / 4 + 100;
PHist_sav = alloc_r(PHist_sav, sizeof(HST_t) * HHist_siz); PHist_sav = alloc_r(PHist_sav, sizeof(HST_t) * HHist_siz);
PHist_new = alloc_r(PHist_new, sizeof(HST_t) * HHist_siz); PHist_new = alloc_r(PHist_new, sizeof(HST_t) * HHist_siz);
} }
@ -2869,7 +2859,7 @@ static void procs_refresh (void) {
for (;;) { for (;;) {
if (n_used == n_alloc) { if (n_used == n_alloc) {
grow_by_size(n_alloc, 10, sizeof(proc_t*)); n_alloc = 10 + ((n_alloc * 5) / 4); // grow by over 25%
private_ppt = alloc_r(private_ppt, sizeof(proc_t*) * n_alloc); private_ppt = alloc_r(private_ppt, sizeof(proc_t*) * n_alloc);
// ensure NULL pointers for the additional memory just acquired // ensure NULL pointers for the additional memory just acquired
memset(private_ppt + n_used, 0, sizeof(proc_t*) * (n_alloc - n_used)); memset(private_ppt + n_used, 0, sizeof(proc_t*) * (n_alloc - n_used));
@ -2896,8 +2886,6 @@ static void procs_refresh (void) {
#undef n_used #undef n_used
} // end: procs_refresh } // end: procs_refresh
#undef grow_by_size
/* /*
* This serves as our interface to the memory & cpu count (sysinfo) * This serves as our interface to the memory & cpu count (sysinfo)