[ the original newlib commit message(s) appear below ]
[ but 'cpu utilization' was not implemented to avoid ]
[ any library modifications and thus version impact! ]
--------------------------------- newlib patch #1 ---
top: added fields for 'start time' & 'cpu utilization'
This patch will exploit some new library capabilities.
[ one will raise eyebrows, the other likely will not ]
A new 'STARTED' field was added which shows the time a
process started after system boot. As such the largest
interval represents the most recently started process.
This is the field that will likely be questioned since
it's somewhat counterintuitive. But were we to instead
use TIME_ELAPSED, the value will change with every top
refresh. This will defeat any PUFF macro optimization.
The new '%CUU' field will probably be better received.
It represents the cpu usage over the life of the task.
When a process was showing high %CPU usage, this field
can be used to determine if it's an anomaly or normal.
[ and as with %CPU, %CUU shows a '?' when running in ]
[ a namespace when /proc was mounted with subset=pid ]
---------------------------------- newlib patch #2 ---
top: tweaked the recently introduced 'STARTED' support
When the 'STARTED' field was added, the width was made
the same as the 'TIME+' field. Thus, a full time could
be shown (which then included hundredths of a second).
That kind of granularity is totally unnecessary. After
all, this column is potentially confusing enough since
it is so counterintuitive. So, this commit will reduce
the width of the field with some help from scale_tics.
Henceforth it will not include those ol' centiseconds.
[ along the way let's expand the man document with a ]
[ a remainder about content representation & scaling ]
Signed-off-by: Jim Warner <james.warner@comcast.net>
[ the original newlib commit message(s) appear below ]
---------------------------------- newlib patch #1 ---
top: refactor 'scale_tics' function for better scaling
This patch refactors the 'scale_tics' function to more
closely parallel uptime shown on the first line of the
summary area. The old logic has been preserved through
the header file's new #define SCALE_FORMER provision.
However, the former logic was actually a big disaster.
These are some potential problems with that old logic:
1. With respect to our time fields top no longer deals
solely with cpu time. So, the old limits of '68 weeks'
could possibly be insufficient to reflect those times.
2. Given the widths of top's new time fields, the code
never got beyond scaling to hours. For example, with a
ridiculously large span of 19 years, the scaled result
would then be shown as '167832h'. We never reached the
days ('6993d') or even the weeks ('999w') equivalents.
3. Similarly, with that 'TIME+' field and a large tics
value, results would then appear as 'MMMMMM:SS' rather
than the more meaningful 'HH:MM:SS' or days and hours.
So henceforth we will adopt these scaling conventions:
MMM:SS.hh ... minutes:seconds.hundredths
MMM:SS ...... minutes:seconds
HH,MM ....... hours,minutes
D+H ......... days+hours (with 'd' & 'h' suffixes)
D ........... days (with 'd' suffix)
W+D ......... weeks+days (with 'w' & 'd' suffixes)
W ........... weeks (with 'w' suffix)
Note that, unlike our former scaling logic, that 'MMM'
portion won't be allowed to grow unconditionally. It's
limited (arbitrarily?) to 360 total minutes (6 hours).
Additionally, the 'HH' guy will be limited to 96 hours
(4 days) while that 'D' limit was set at 14 (2 weeks).
Whenever a limit is hit, scaling will advance a level.
---------------------------------- newlib patch #2 ---
top: extended 'scale_tics' function for Ctrl-E scaling
That normalization of the 'scale_tics' function in the
prior commit convinced me that I won't please everyone
with my arbitrary choices for the scaling transitions.
So, this patch will provide the users with a means for
setting their own scaling transition points with a new
toggle. Ctrl-E was chosen since the 'e/E' toggles were
already present as a means of scaling (albeit memory).
[ this toggle will also serve an educational purpose ]
[ by allowing one to see all the scaling conventions ]
The scaling a user establishes is saved in the rcfile.
---------------------------------- newlib patch #3 ---
top: enhanced 'scale_tics' function for Ctrl-E scaling
When scale_tics was refactored and then Ctrl-E support
added to top, the complete range of scaling values was
not visible. Namely, a single 'd' (days) & 'w' (weeks)
was never seen with ^E. With this commit they will be.
Signed-off-by: Jim Warner <james.warner@comcast.net>
This patch was prompted by the merge request for pgrep
referenced below. In top's case, any performance gains
will be minimal since the now defunct strncpy was only
employed for termcap rebuilds after interacting with a
user (+ 1 other non-termcap related user interaction).
[ golly, strncpy always calls at least two functions ]
[ but usually calls a total of 3. on the other hand, ]
[ memccpy will only call a maximum of two functions. ]
And thanks to Baruch Siach for these strncpy insights.
Reference(s):
https://gitlab.com/procps-ng/procps/-/merge_requests/148
Signed-off-by: Jim Warner <james.warner@comcast.net>
When in forest view mode, that focus toggle ('F') is a
useful tool occasionally. But, if a focused parent has
enough cloned siblings to exceed screen rows, it could
be hard to remember that such a toggle remains active.
So, this patch will provide a subtle visual clue added
to the leftmost position in the COMMAND column. Now if
the focus toggle was active, regardless of total tasks
affected, the users will always know when it's active.
Reference(s):
. 07/28/21, introduced new focus toggle ('F')
commit bdd50fa2fc
. 09/23/21, ensure focused tasks stay focused
commit d7e6c27a79
Signed-off-by: Jim Warner <james.warner@comcast.net>
[ you wouldn't believe how many back-and-forths were ]
[ involved in Craig convincing me there were several ]
[ inconsistencies. i am so dense sometimes (often?). ]
Reference(s):
. 01/2022, newlib branch equivalent commits
commit 91ffe81734
commit c83cd6e6c0
Signed-off-by: Jim Warner <james.warner@comcast.net>
Over the years the summary_show function has increased
from around 77 lines of code & comments to its current
size of 195 lines. This is well beyond an ideal length
of available screen rows. So this patch will split it.
We'll take the cpu and memory duties and make separate
functions out of them. Of course, this will incur some
additional call overhead but, given current cpu/memory
logic, any such increase really becomes insignificant.
Now summary_show's a svelte 31 lines of code/comments.
[ this is like what was done to that do_key function ]
[ a decade ago except overhead of new function calls ]
[ plus table lookup was even less of a concern since ]
[ a human was involved, not normal iterative output. ]
Reference(s):
. 01/03/22, newlib branch equivalent commit
commit cbff1d;d10645cb8c7fc55dda08b06fbafed05932
Signed-off-by: Jim Warner <james.warner@comcast.net>
In the patch referenced below the focus task logic was
improved to ensure that newly cloned tasks 'above' the
focused task did not force an effect like the up arrow
key. That commit also acknowledged that when some task
'above' ended, it *would* act like the down arrow key.
Well, with this commit a task ending 'above' a focused
task no longer distorts the focus. That's assuming the
new '#define FOCUS_HARD_Y' is specified plus the total
focused tasks does not exceed the current screen rows.
Thus, the manual scrolling with up and down arrow keys
is allowed when the total focused exceeds screen rows.
[ but keep in mind that when a focused task has been ]
[ hardened some otherwise useful toggles will not be ]
[ available. keystrokes like 'v' and even 'F' itself ]
[ can not be applied to another task with no scroll. ]
Reference(s):
. 01/03/22, newlib branch equivalent commit
commit 0e744d3656
. 09/24/21, master branch 'focus' logic improved
commit d7e6c27a79
Signed-off-by: Jim Warner <james.warner@comcast.net>
This just updates the copyright dates in the documents
within the top subdirectory only. Others are unchanged.
Reference(s):
. 01/01/22, newlib branch equivalent commit
commit afdd4690fc
Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is an example of what can happen when this
author is waiting around for the release of our newlib
& otherwise runs out of legitimate changes to be made.
[ on the other hand, such changes surely make us run ]
[ quite a bit more efficiently, if i am not mistaken ]
Reference(s):
. 09/14/21, newlib branch equivalent commit
commit 6049c13b4d
Signed-off-by: Jim Warner <james.warner@comcast.net>
While experimenting with a new feature, wherein select
fields display the total upon request, the capacity of
the 'num' passed to some 'scale' guys became an issue.
So this commit will, with the compiler's help, put the
responsibility for converting the integer into a float
within the calling code (instead of the called logic).
Reference(s):
. 03/08/21, newlib branch equivalent commit
commit 62928cf461
Signed-off-by: Jim Warner <james.warner@comcast.net>
The Inspection feature already offered an INSP_SLIDE_1
provision. This patch now offers similar extensions to
variable width column scrolling (assuming SCROLLVAR_NO
isn't defined). Such a provision was useful during the
development of some recent library UTF-8 enhancements.
Reference(s):
. 12/30/20, newlib branch equivalent commit
commit edce9ed612
Signed-off-by: Jim Warner <james.warner@comcast.net>
For quite some time now, top has stood out like a sore
thumb regarding the approach to cmdline options & help
text. Only short options were used and that same help
text was displayed for '-h' (help) plus 'v' (version).
[ also, top 'rolled his own' when it came to parsing ]
[ options while avoiding that getopt implementation. ]
Well, with this commit all of that has changed and top
now has added a long form of his options. Additionally
he employs getopt_long() for the bulk of that parsing.
[ however, top will still avoid separate fputs calls ]
[ characteristic of other procps-ng programs when it ]
[ comes to help. rather all such text is one string. ]
Along the way, the following major getopt deficiencies
were addressed, assuming the absence of a new #define:
* an equals sign ('=') is allowed on both option forms
* whitespace is allowed before & after the equals sign
* optional arguments needn't abut their related option
for short form nor is an '=' required with either form
Signed-off-by: Jim Warner <james.warner@comcast.net>
Catch-up with newlib, original commit message follows:
------------------------------------------------------
This new #define will produce top results identical to
the results achieved for './configure --disable-numa'.
However it keeps the change entirely local to our top.
[ it has been introduced to test the following patch ]
Signed-off-by: Jim Warner <james.warner@comcast.net>
The commit shown below introduced two abreast printing
for %Cpu statistics. But, the Memory & Swap lines have
always been printed on separate lines when '4' was on.
With this commit, those lines will now be treated just
like %Cpu stats, either separate lines or two abreast.
Reference(s):
. May 2020, added '4' toggle for 2 abreast
commit fca48e7e99
Signed-off-by: Jim Warner <james.warner@comcast.net>
When the '4' toggle is on, and Summary Area %Cpu lines
are shown two abreast, it's not always clear where the
separation is between the two processors. So with this
patch we'll now print a vertical bar separator between
them (looking similar to the existing field headings).
We will also reduce that 'GRAPH_suffix' constant to 1,
reflecting the the trailing ']' bracket only, so as to
maximize top's exploitation of available screen width.
[ plus a superfluous double '+ +' has now been fixed ]
Signed-off-by: Jim Warner <james.warner@comcast.net>
Just to see if I could, the new #define will force the
indentation of a parent task to be reset to zero while
maintaining the proper child indentation relationship.
Signed-off-by: Jim Warner <james.warner@comcast.net>
Sometimes, it might be useful to isolate a parent task
and its forked children from other system activity. As
an example, a user might want to examine workload in a
specific lxc container. Or maybe there is some need to
question what's happening under the same tmux session.
Since forest view mode tends to be a relatively stable
display, it will sometimes satisfy the above need. But
that mode can't currently guarantee the target process
always remains as the topmost task or even is visible.
So, this patch will enable focusing on any parent task
and keeping it as the topmost process while displaying
it and its forked children only. It then appears as if
there is no other activity in that system by virtue of
the blank lines which follow that final child process.
To implement this new feature, top's redundant 'F' key
has been repurposed. It made little sense devoting two
keys to the Fields Management screen (especially since
the key we've taken required two separate keystrokes).
[ and while we're at it, i also added punctuation to ]
[ that prologue for 'forest_display' since all other ]
[ forest functions used punctuation. And, instead of ]
[ a pointer to a proc_t he will now get a ppt index. ]
Signed-off-by: Jim Warner <james.warner@comcast.net>
In the patch referenced below, 2 potential abends were
fixed both of which involved 'alternate display mode'.
The root cause of those abends was a negative value in
the 'begnext' field for other than the current window.
And while that potential is fixed for now the existing
code almost invites such problems again in the future.
So, this patch will remove any temptation to name some
other window in the 'mkVIZrow1' macro. And, since that
macro is not the only source of 'begnext' changes, the
'mkVizrowX' is being added to identify such occasions.
[ and for symmetry i've added a 'mkVIZyes' macro and ]
[ ameliorated an otherwise surreptitious assignment! ]
Reference(s):
commit 84e85611c3
Signed-off-by: Jim Warner <james.warner@comcast.net>
With that commit referenced below, which preserved the
'4' and + '!' toggles in the rcfile, this VER_J_RCFILE
macro was made superfluous. But, it was never removed.
Reference(s):
commit f858e563b7
Signed-off-by: Jim Warner <james.warner@comcast.net>
All of these changes are self-explanatory, so I'll not
provide any more comments thus avoiding further shame.
[ everything's perfectly justified and right margins ]
[ are filled entirely, but of course it must be luck ]
Signed-off-by: Jim Warner <james.warner@comcast.net>
This patch will address Craig's feedback regarding the
original implementation of top's two new toggles. It's
likely other users would have questioned why they were
not saved also, once they discover these new features.
And, since the minimum terminal width was just lowered
to 80 columns, the default for window #1 is also being
changed to show the individual cpu graphs two abreast.
[ assuming no '--disable-modern-top' for ./configure ]
Reference(s):
https://gitlab.com/procps-ng/procps/-/issues/172https://www.freelists.org/post/procps/two-major-changes-to-top,1
Signed-off-by: Jim Warner <james.warner@comcast.net>
For the original implementation of the '4' toggle, the
minimum width was set at 165 columns. This was done to
avoid truncations when detailed cpu statistics (versus
graphs) were being displayed. Those can not be scaled.
Upon reflection, it seems more appropriate to give the
user the choice of whether or not to truncate. And, by
reducing that minimum width requirement to 80 columns,
we'll vastly expand potential use of two abreast mode.
[ we'll keep that original as '#define TOG4_NOTRUNC' ]
The patch also updates the man document appropriately.
Along the way, we will trade the potentially confusing
word 'adjacent' for the more natural 'additional' when
detailing the '!' toggle in 4b. Summary-Area-Commands.
Reference(s):
https://gitlab.com/procps-ng/procps/-/issues/172https://www.freelists.org/post/procps/two-major-changes-to-top
Signed-off-by: Jim Warner <james.warner@comcast.net>
This patch simply allows for better testing of our two
new toggles: '4' (2 abreast) plus '!' (combined cpus).
Signed-off-by: Jim Warner <james.warner@comcast.net>
When implementing that earlier '4' toggle, in response
to the issue referenced below, I got to thinking about
those environments with massively parallel processors.
Such environments may not benefit from the '4' toggle.
So, I decided to implement a feature that could enable
use of those '1' and/or '4' toggles no matter how many
active processors top may have ultimately encountered.
With the new '!' toggle, adjacent cpus can be combined
to any degree, represented as a single cpu group/line.
Reference(s):
https://gitlab.com/procps-ng/procps/-/issues/172
Signed-off-by: Jim Warner <james.warner@comcast.net>
In the back of my mind, I've always wanted to enable a
two abreast cpu display. Folks with massively parallel
machines must surely have been frustrated with the '1'
toggle when Off (individual cpus in the Summary Area).
So, I'll use that recently raised issue shown below as
a justification for finally implementing this feature.
Reference(s):
https://gitlab.com/procps-ng/procps/-/issues/172
Signed-off-by: Jim Warner <james.warner@comcast.net>
Wow, hard to believe the extraneous comment line dates
all way back to an introduction of NLS support (2011).
Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit duplicates a change to that newlib branch.
However, it should be noted that such a change was not
really necessary under this master branch since proc_t
data remains valid much longer. It is being duplicated
here as documentation only. Below is the original msg.
------------------------------------------------------
This patch will eliminate a bug which is unique to our
newlib branch. It's extremely rare and only happens if
a search ('L'/'&') is initiated during the period when
fields are currently being auto-sized (AUTOX_MODE on).
This bug surfaces as either all zero results for tasks
displayed or a segmentation fault, depending upon what
fields were activated. It is caused by the timing of a
call to the <pids> 'reset' function. When called after
a task refresh, but before do_key(), this bug appears.
So this patch just ensures that 'reset' will be called
after do_key() & before the tasks have been refreshed.
------------------------------------------------------
Signed-off-by: Jim Warner <james.warner@comcast.net>
Beyond the copyrights, the single oops in the man page
was introduced in the commit which is referenced below
dealing with some cleanup following that Qualys audit.
Reference(s):
. man page error introduced
commit e531c78140
Signed-off-by: Jim Warner <james.warner@comcast.net>
Currently, except for tasks that have no parents, when
a process' children are collapsed the '+' indicator is
shown in the first position within that COMMAND field.
This commit simply provides for indenting the '+' char
so it displays next to that program name/command line.
Signed-off-by: Jim Warner <james.warner@comcast.net>
In that commit referenced below, a few edge cases were
addressed regarding vertical positioning involving any
'hidden' tasks. But, 2 additional edge cases remained.
In a running top, if the user employed 'other filters'
(o/O) or 'user filters' (u/U) proper vertical position
was not ensured. And, while this could be easily fixed
by striking the home/end or up/down arrow keys, it was
very poor etiquette to shift this burden to the users.
So, this patch plugs that gap, automating the process.
Reference(s):
commit c6e68e2fed
Signed-off-by: Jim Warner <james.warner@comcast.net>
Our newlib branch has already dropped support for such
old kernels. However, the master branch still supports
them. So this patch will correct a broken #define that
is used to influence the top Summary Area information.
Signed-off-by: Jim Warner <james.warner@comcast.net>
Using Ctrl-V for the collapse children key now appears
as a mistake. First, it's too close to that Ctrl-C key
which would prematurely terminate top. Second, a lower
case 'v' was unused and perfectly compliments an upper
case 'V' which is used to toggle 'forest view' itself.
Reference(s):
https://gitlab.com/procps-ng/procps/issues/99
Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit just addresses these miscellaneous issues:
. always use 'p' for pointers to that proc_t structure
. always match order of local #undef to parent #define
. forest_create use of array index made more efficient
Signed-off-by: Jim Warner <james.warner@comcast.net>
Now, when a parent's children have been collapsed, the
cpu used by those unseen tasks will disappear no more.
Instead such tics will be added to the parent's total.
[ if one wished a return to the 'land of lost tics', ]
[ the '#define TREE_VCPUOFF' directive is available. ]
------------------------------------------------------
Note: With collapsible parents now displaying children
cpu usage, it will eventually be noticed the cpu stats
for the summary area and task areas often vary widely.
It's worth a reminder that for top's summary area each
individual cpu and the cpu summary is limited to 100%,
regardless of how many tics a linux kernel may export.
An individual task is limited to 100% times the number
of threads. But, in no case will cpu usage ever exceed
100% times total number of processors. Such limits are
further reduced under 'Solaris' mode ('I' toggle off).
In this mode, a task cpu usage will never exceed 100%.
These limits will now also apply to collapsed parents.
In addition to those influences, results are subjected
to kernel timer sampling anomalies and the distortions
inherent in a small sample size, made worse by smaller
delay intervals. Often there is just 1 or 2 tics for a
few tasks at smaller intervals such as: 1/10th second.
Anyway, should questions on this subject arise, a good
starting point, beyond the reminders above, is the 1st
link listed below. Those other links were derivatives.
Reference(s):
. from the kernel documentation
https://www.kernel.org/doc/Documentation/cpu-load.txt
. as mentioned in the above kernel documentation
https://lkml.org/lkml/2007/2/12/6
. from above, with many more links on the subject
https://www.boblycat.org/~malc/apc/
Signed-off-by: Jim Warner <james.warner@comcast.net>
top: parent total cpu includes collapsed children, pgm
So that the impact (minimal) of the next commit can be
isolated, this commit just involves a little renaming,
reformat plus a refactor of some proc_t pointer logic.
[ renaming, relocation and changes to 'user_matched' ]
[ wasn't strictly necessary, but now mirrors newlib. ]
Signed-off-by: Jim Warner <james.warner@comcast.net>
This patch just addresses some edge cases with respect
to 'unseen' tasks. Given the ability to preserve other
filters in the rcfile, it's entirely possible the very
first task(s) may not be visible at top startup. Also,
when switching between windows ('a'/'w') we should try
to always position its row #1 on some visible process.
Lastly, a window might have *NO* visible tasks at all.
Therefore, protect 'window_hlp' from an infinite loop.
Signed-off-by: Jim Warner <james.warner@comcast.net>
To my knowledge, nobody has ever complained about some
anomalies when scrolling vertically if tasks should be
hidden from view. This can happen with the user filter
('u/U') or other filter ('o/O') features. And although
some tasks are not shown, they still impact scrolling.
This is most apparent when that scroll coordinates msg
is on ('C') & up/down arrow keys used (vs. pgup/pgdn).
Now that we can collapse/expand forked children, there
is a potential for yet more of those hidden processes.
So this commit normalizes vertical scrolling providing
an expected behavior. In other words, the up/down keys
skip the unseen tasks to reposition on a visible task.
Signed-off-by: Jim Warner <james.warner@comcast.net>
This patch is simply preparation for upcoming vertical
scrolling enhancements. With those changes, it will be
impossible to predict what the beginning task position
should be at the time the message is currently issued.
This patch will allow such a message to be shown after
the individual windows' tasks have all been displayed.
Signed-off-by: Jim Warner <james.warner@comcast.net>
The issue cited below really dealt with preserving the
'Other filter' criteria in the rcfile. But as an aside
the htop 'F6' feature (collapsed children) was raised.
I took that as an implied challenge and decided to try
implementing a similar feature in top. So, this commit
will now provide a brand new forest view toggle ('^V')
which will be used to collapse/expand forked children.
[ this patch will also lead to additional patches in ]
[ support of more rational vertical scrolling, since ]
[ many more tasks might now be hidden in some window ]
Reference(s):
. where this secondary issue was raised
https://gitlab.com/procps-ng/procps/issues/99
Signed-off-by: Jim Warner <james.warner@comcast.net>
In anticipation of a new collapsible child feature, we
will have to make some forest view variables available
to that 'keys_task()' function. This commit just moves
the forest view logic ahead of tertiary input support.
Signed-off-by: Jim Warner <james.warner@comcast.net>
Well, after the rearranging and refactoring, all those
active 'other filter' entries for each window will now
be preserved in the user's configuration file via 'W'.
For raising the issue below, thanks to Marco Ippolito.
Reference(s):
https://gitlab.com/procps-ng/procps/issues/99
Signed-off-by: Jim Warner <james.warner@comcast.net>
If we are to support preserving 'other filter' entries
in the rcfile, then the current logic setting up those
osel entries for a WIN_t must be shareable for startup
and when interacting with a user. So, this commit just
repositions this current code in a shareable function.
[ along the way, we give the prior guy a proper name ]
Signed-off-by: Jim Warner <james.warner@comcast.net>
When we get around to saving that 'Other Filter' stuff
in the rcfile, we'll need access to the Fieldstab plus
the justify_pad() function. So this commit repositions
two 'osel' functions in anticipation of adding 1 more.
Signed-off-by: Jim Warner <james.warner@comcast.net>
The 'config_file()' function was getting a little long
in the tooth, so this commit simply renames/rearranges
some stuff anticipating 'other filters' in the rcfile.
Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit moves some overhead to the Batch mode path
where it's needed. And given the new 'else if' test we
can delete some now redundant logic in the other path.
Reference(s):
. original qualys patch
0117-top-Prevent-out-of-bounds-writes-in-PUFF.patch
commit 059ae8b512
Signed-off-by: Jim Warner <james.warner@comcast.net>
While it's only documented (so far) in commit text and
an occasional email I've tried to maintain some coding
standards primarily for reference/navigation purposes.
They also served, I felt, as useful mental challenges.
Someday I will get around to formerly documenting them
but in the meantime here are the ones for this commit:
. functions are grouped into logical (i hope) sections
. functions & sections are ordered to avoid prototypes
. function names are alphabetical within every section
. all functions & sections must be referenced in top.h
This patch just attempts to honor the above standards,
while also covering this new behavior in the man page.
[ please note that the net result of these 2 patches ]
[ is simply to avoid pathname truncations should our ]
[ limit of 1024 be exceeded. they do not have a role ]
[ in solving the 'local privilege escalation' issue. ]
[ and we can never prevent a user from setting their ]
[ HOME var to a directory writable by some attacker! ]
[ the only real protection for that CVE-2018-1122 is ]
[ those soon to be enhanced rcfile integrity checks, ]
[ achieved through several of the following patches. ]
Reference(s):
. original qualys patch
0097-top-Do-not-default-to-the-cwd-in-configs_read.patch
commit b45c4803dd
Signed-off-by: Jim Warner <james.warner@comcast.net>
This patch prevents three problems:
1/ Because snprintf() returns "the number of characters (excluding the
terminating null byte) which would have been written to the final string
if enough space had been available", _eol may point past the end of _str
and write out-of-bounds (in Batch mode).
2/ _eol is never checked against _str, so "while (*(--_eol) == ' ');"
may point _eol below _str and write out-of-bounds (in Batch mode).
3/ Sanity-check Pseudo_row to protect the strcpy().