Commit Graph

5 Commits

Author SHA1 Message Date
Qualys Security Advisory
f1077b7a55 proc/alloc.*: Use size_t, not unsigned int.
Otherwise this can truncate sizes on 64-bit platforms, and is one of the
reasons the integer overflows in file2strvec() are exploitable at all.
Also: catch potential integer overflow in xstrdup() (should never
happen, but better safe than sorry), and use memcpy() instead of
strcpy() (faster).

Warnings:

- in glibc, realloc(ptr, 0) is equivalent to free(ptr), but not here,
  because of the ++size;

- here, xstrdup() can return NULL (if str is NULL), which goes against
  the idea of the xalloc wrappers.

We were tempted to call exit() or xerrx() in those cases, but decided
against it, because it might break things in unexpected places; TODO?
2018-05-19 07:32:21 +10:00
Jim Warner
0003d704ac library: relocate the typedef used in alloc.h override
There is no longer justification for placing a typedef
employed in overriding that alloc.h message handler in
the procps.h header file. So this commit just moves it
to the alloc.h header file itself where it's needed!

[ gosh, sure wish i had thought to relocate this guy ]
[ when the changes in the 1st commit shown were made ]

Reference(s):
. most recent related changes
commit 18e5aecd2b
. place where it *should* have been relocated
commit 2865ded64e

Signed-off-by: Jim Warner <james.warner@comcast.net>
2017-12-23 17:41:37 +11:00
Sami Kerola
c043c47ddd pmap: use correct types for memory allocation
Fixes an error which did not always happen.  Chances of being affected by
the bug were greater the more pids there were defined as pmap arguments.
The Debian bug referral can almost certainly reproduce the problem,
especially when tried multiple times in a row.

pmap: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr)
(((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct
malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >=
(unsigned long)((((__builtin_offsetof (struct malloc_chunk,
fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) -
1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) ==
0)' failed.

Reported-by: lee <lee@yun.yagibdah.de>
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688180
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
2012-11-06 22:22:11 +11:00
Jim Warner
7126cc4491 library: expanded/generalized memory allocation provisions
A callback provision in the form of xalloc_err_handler
(of type message_fn) was added to the alloc module.

This change allowed a program like top, which alters the
termios structure, to override the default fprint(stderr...)
behavior in the event of an error.

The new function xstrdup was also added for symmetry.
2011-12-11 22:26:49 +11:00
albert
5087f3dbf6 big header clean-up
2002-12-09 07:00:07 +00:00
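
The size truncation described in the f1077b7a55 commit message above, as an added C example that is not code from procps or from the advisory's authors. The names `alloc_uint`, `alloc_sizet`, `request_via_uint`, `request_via_sizet` and `dup_checked` are hypothetical, the request size is constructed, and the wrap check returns NULL here as an assumption about error handling.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* "Before" shape (hypothetical name): an unsigned int size parameter.
 * A size_t argument wider than unsigned int is truncated at the call. */
void *alloc_uint(unsigned int size, size_t *got) {
    if (size == 0) ++size;          /* never hand 0 to malloc() */
    *got = size;                    /* bytes really requested */
    return malloc(size);
}

/* "After" shape (hypothetical name): size_t end to end, no truncation. */
void *alloc_sizet(size_t size, size_t *got) {
    if (size == 0) ++size;
    *got = size;
    return malloc(size);
}

/* Bytes that reach malloc() for a caller that computed `want` as size_t. */
size_t request_via_uint(size_t want) {
    size_t got = 0;
    free(alloc_uint(want, &got));   /* silent size_t -> unsigned int conversion */
    return got;
}

size_t request_via_sizet(size_t want) {
    size_t got = 0;
    free(alloc_sizet(want, &got));  /* NULL if memory is short; size stays exact */
    return got;
}

/* xstrdup-style copy: size_t length, wrap check, memcpy() not strcpy(). */
char *dup_checked(const char *str) {
    if (str == NULL) return NULL;
    size_t size = strlen(str) + 1;
    if (size < 1) return NULL;      /* strlen(str) + 1 wrapped around to 0 */
    char *p = malloc(size);
    if (p != NULL) memcpy(p, str, size);    /* size includes the NUL */
    return p;
}

int main(void) {
    size_t want = (size_t)UINT_MAX + 1 + 32;    /* constructed size */
    printf("caller wants %zu, unsigned int wrapper requests %zu, "
           "size_t wrapper requests %zu\n",
           want, request_via_uint(want), request_via_sizet(want));
    return 0;
}
```

On a platform where size_t is 64 bits and unsigned int is 32 bits, the caller believes it holds a buffer of just over 4 GiB while the unsigned int wrapper has requested 32 bytes, so any write sized by the caller's value runs past the allocation.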