List: kde-bugs-dist
Subject: Bug#842: kpm dumps core with kernel-2.2.2-ac2
From: Aki M Laukkanen <amlaukka () cc ! helsinki ! fi>
Date: 1999-03-01 17:52:26
Package: kpm
Version: 1.3
The version which comes with KDE 1.1 distribution dumps core on Linux
kernel 2.2.2-ac2 and probably on all kernels >= 2.2.2 series as
indicated by bug reports 812 and 814 too. I submitted this bug report
because the replies to these bug reports indicated that they thought it
was a kernel bug which is not the case.
This is the ltrace output (the first 650000 bytes omitted for clarity):
> open("/proc/meminfo", 0, 027777774650) = 5
> read(5, " total: used: free:"..., 512) = 314
> close(5) = 0
> strstr(" total: used: free:"..., "MemTotal:") = "MemTotal: 31236 kB\nMemFree: "...
> sscanf(0xbffff841, 0x08064f0e, 0x08068104, 0x08068108, 0x0806810c) = 7
> strcpy(0xbffff9a8, "/proc") = 0xbffff9a8
> strcat("/proc", "/stat") = "/proc/stat"
> open("/proc/stat", 0, 027777774650) = 5
> read(5, "cpu 2436434 32 27865 785144\ndis"..., 512) = 512
> close(5) = 0
> sscanf(0xbffff7a8, 0x08064f7a, 0x0807484c, 0x08074850, 0x08074854) = 4
> strstr("cpu 2436434 32 27865 785144\ndis"..., "btime") = NULL
> sscanf(6, 0x08064f90, 0x08068120, 0, 0x080b37cc <unfinished ...>
> --- SIGSEGV (Segmentation fault) ---
> +++ killed by SIGSEGV +++
As we can see kpm tries to read the file "/proc/stat" and succeeds but
doesn't take into account that it isn't read completely as the return
value suggests.
~$ wc /proc/stat
12 268 693 /proc/stat
Then it proceeds to search for a substring which can't be found because it
hasn't been read yet. The return value plus strlen("btime ") is used
unchecked as a parameter for sscanf which results in the classical NULL
pointer bug.
PS. The /proc/meminfo case is just another not-yet-triggered bug.
--
D.
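As an added illustration (not kpm's code and not part of the report above), the C program below puts the single-read sequence seen in the ltrace next to a version that reads the pseudo-file to EOF and checks the strstr() result before calling sscanf(). The /proc/stat text it uses is constructed in the 2.2 layout so that "btime" falls after byte 512; the function names and the KPM_CHUNK constant are made up for the example.

```c
/*
 * Added example, not kpm's code: the one-read pattern from the ltrace
 * beside a version that reads the whole pseudo-file. The /proc/stat text
 * is constructed (2.2-style layout) so that "btime" lands past byte 512;
 * all names here are invented for the demo.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define KPM_CHUNK 512   /* size of the single read(5, ..., 512) in the trace */

/* Constructed /proc/stat: a long intr line (one counter per IRQ, as 2.2
 * kernels print) pushes "btime" beyond the first KPM_CHUNK bytes. */
static const char *sample_text(void)
{
    static char sample[2048];
    if (sample[0] == '\0') {
        size_t cap = sizeof sample, n = 0;
        n += snprintf(sample + n, cap - n, "cpu 2436434 32 27865 785144\n"
                      "disk 0 0 0 0\ndisk_rio 0 0 0 0\ndisk_wio 0 0 0 0\n"
                      "disk_rblk 0 0 0 0\ndisk_wblk 0 0 0 0\n"
                      "page 81544 43470\nswap 1 0\nintr 2812345");
        for (int i = 0; i < 120; i++)
            n += snprintf(sample + n, cap - n, " %d", i * 37 % 1000);
        snprintf(sample + n, cap - n,
                 "\nctxt 9314521\nbtime 920000000\nprocesses 4821\n");
    }
    return sample;
}

/* Byte offset of "btime" in the sample; the bug needs it to exceed KPM_CHUNK. */
long sample_btime_offset(void)
{
    const char *s = sample_text();
    return (long)(strstr(s, "btime") - s);
}

/* Stand-in for /proc/stat: a temp file holding the sample, positioned at 0. */
int open_sample(void)
{
    FILE *f = tmpfile();
    if (!f) return -1;
    fputs(sample_text(), f);
    fflush(f);
    rewind(f);                  /* also rewinds the underlying descriptor */
    return fileno(f);
}

/* kpm's sequence: one 512-byte read, strstr(), sscanf(). Returns -1 where
 * the original had no check and handed NULL + strlen("btime ") to sscanf. */
int btime_single_read(int fd, long *btime)
{
    char buf[KPM_CHUNK + 1];
    ssize_t n = read(fd, buf, KPM_CHUNK);
    if (n < 0) return -1;
    buf[n] = '\0';                          /* strstr needs a terminator */
    const char *p = strstr(buf, "btime");
    if (p == NULL) return -1;               /* the check kpm skipped */
    return sscanf(p + strlen("btime "), "%ld", btime) == 1 ? 0 : -1;
}

/* Fix: /proc files report st_size 0, so read() until it returns 0, growing
 * the buffer as needed, and NUL-terminate before any str* call. */
char *read_proc_file(int fd)
{
    size_t cap = 1024, used = 0;
    char *buf = malloc(cap);
    if (!buf) return NULL;
    for (;;) {
        if (used + 1 >= cap) {
            char *nb = realloc(buf, cap * 2);
            if (!nb) { free(buf); return NULL; }
            buf = nb; cap *= 2;
        }
        ssize_t n = read(fd, buf + used, cap - used - 1);
        if (n < 0) { if (errno == EINTR) continue; free(buf); return NULL; }
        if (n == 0) break;                  /* EOF: the file is complete */
        used += (size_t)n;
    }
    buf[used] = '\0';
    return buf;
}

int btime_whole_read(int fd, long *btime)
{
    char *data = read_proc_file(fd);
    if (!data) return -1;
    int rc = -1;
    /* Accept "btime" only at the start of a line, and check every result. */
    for (const char *p = data; (p = strstr(p, "btime")) != NULL; p += 5)
        if ((p == data || p[-1] == '\n') && sscanf(p, "btime %ld", btime) == 1) {
            rc = 0;
            break;
        }
    free(data);
    return rc;
}

/* Wrappers returning the parsed boot time, or -1 when parsing failed. */
long demo_single_read(void)
{
    long v = 0;
    return btime_single_read(open_sample(), &v) == 0 ? v : -1;
}
long demo_whole_read(void)
{
    long v = 0;
    return btime_whole_read(open_sample(), &v) == 0 ? v : -1;
}

int main(void)
{
    printf("btime at offset %ld, chunk size %d\n", sample_btime_offset(), KPM_CHUNK);
    printf("single read: %ld\nwhole read:  %ld\n", demo_single_read(), demo_whole_read());
    return 0;
}
```

Build with cc and run: the single-read path reports -1 because "btime" never arrives in the first 512 bytes, while the loop reading to EOF finds it. The two points that matter for a /proc reader are that the file has no usable size up front (read until 0) and that a NULL from strstr() must be checked before anything is added to it.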