Date: Fri, 15 Feb 2008 18:00:04 GMT
From: Jaakko Heinonen <jh@saunalahti.fi>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/92074: top(1) aborts in redzone
Message-ID: <200802151800.m1FI04Vf018717@freefall.freebsd.org>
The following reply was made to PR bin/92074; it has been noted by GNATS. From: Jaakko Heinonen <jh@saunalahti.fi> To: bug-followup@FreeBSD.org Cc: Subject: Re: bin/92074: top(1) aborts in redzone Date: Fri, 15 Feb 2008 19:52:31 +0200 --n8g4imXOkfNTN/H1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I can reproduce this bug. After a research I found three bugs from top(1): 1) Off-by-one error mentioned earlier in this PR. 2) In u_process bufferline is not NULL-terminated. It's later passed to strlen(3) in line_update(). 3) line_update() references an invalid memory location when display_width is 0 (terminal is one character wide). The attached patch should fix these. -- Jaakko --n8g4imXOkfNTN/H1 Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="top-resize-crash.diff" Index: display.c =================================================================== RCS file: /home/ncvs/src/contrib/top/display.c,v retrieving revision 1.10 diff -u -r1.10 display.c --- display.c 18 Jan 2008 01:43:13 -0000 1.10 +++ display.c 15 Feb 2008 12:36:03 -0000 @@ -139,7 +139,7 @@ } /* now, allocate space for the screen buffer */ - screenbuf = (char *)malloc(lines * display_width); + screenbuf = (char *)malloc(lines * display_width + 1); if (screenbuf == (char *)NULL) { /* oops! */ @@ -801,6 +801,7 @@ /* truncate the line to conform to our current screen width */ newline[display_width] = '\0'; + bufferline[display_width] = '\0'; /* is line higher than we went on the last display? */ if (line >= last_hi) @@ -1137,6 +1138,9 @@ fputs(new, debug); fputs("\n-\n", debug); #endif + + if (display_width < 1) + return; /* start things off on the right foot */ /* this is to make sure the invariants get set up right */ --n8g4imXOkfNTN/H1--
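Review bot: In the first hunk (@@ -139,7 +139,7 @@), `malloc(lines * display_width + 1)` adds one spare byte for the whole screen buffer, not one per row, and nothing says what that byte is for. If it exists to hold the terminator that the second hunk writes at `bufferline[display_width]`, say so in the comment above the allocation; if every row is meant to carry its own terminator, the size would need to be `lines * (display_width + 1)` with the row stride changed to match. The product is also computed without an overflow check, which is worth adding while this line is being touched, since the width follows the terminal size.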
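Review bot: In the second hunk (@@ -801,6 +801,7 @@), `bufferline[display_width] = '\0';` stores at offset display_width, which is one past a row that is display_width bytes long. With the allocation from the first hunk only the final row has a spare byte behind it, so if bufferline points into screenbuf with rows packed display_width apart (the layout is not visible in this hunk), the store for any earlier row overwrites the first character of the following row's saved text. Please confirm the layout, and either give each row its own terminator byte or pass an explicit length to the comparison code instead of relying on strlen(3).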
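Review bot: In the third hunk (@@ -1137,6 +1138,9 @@), the `display_width < 1` early return has no comment saying when the width can be below 1, and it guards only this routine. The description gives the case (a terminal one character wide), so put that in a comment; also consider rejecting or clamping the width once where it is computed, so that the `newline[display_width]` and `bufferline[display_width]` stores in the second hunk and the allocation in the first hunk never see a zero width either. Returning here also skips the invariant setup announced by the comment that follows, so check that callers tolerate the line not being drawn.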
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200802151800.m1FI04Vf018717>