Date:      Tue, 23 Nov 2021 21:29:47 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 260006] Compressed user core files with large segments are truncated
Message-ID:  <bug-260006-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260006

            Bug ID: 260006
           Summary: Compressed user core files with large segments are
                    truncated
           Product: Base System
           Version: 11.4-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: chris_horneck@dell.com

Created attachment 229685
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=229685&action=edit
Test program

This problem can happen with kernels compiled with GZIO and sysctl
kern.compress_user_cores=1.

If the program being dumped has a memory segment with size >= 0xFFFFFFFF, the
segment will be silently truncated, which "damages" any memory segments
written to the core file afterwards.

The root of the problem is in imgact_elf.c. The function compress_chunk
accepts a length of type u_int (32 bits), while its callers pass lengths of
type size_t (64 bits). Thus, any segment with a length that cannot fit in
32 bits will be truncated.

The function compress_chunk lives on in later branches and appears to suffer
the same problem.

Trivial test program that allocates a large memory segment before crashing is
attached. Kernel must be compiled with GZIO and sysctl
kern.compress_user_cores=1.

-- 
You are receiving this mail because:
You are the assignee for the bug.
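
The narrowing described in the report, as an added user-space example (not
code from the report or from imgact_elf.c): a size_t length passed to a
routine that takes a 32-bit length, next to a caller that splits the length
into pieces of at most UINT_MAX bytes. All function names, SAMPLE_LEN and
the offset-based segment model are assumptions made for illustration; a
64-bit size_t is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

_Static_assert(sizeof(size_t) == 8, "example assumes a 64-bit size_t");

/* Constructed sample: a segment of 4 GiB + 1 KiB. */
#define SAMPLE_LEN ((size_t)0x100000400ULL)

/* Hypothetical stand-in for a compressor entry point whose length
 * parameter is 32 bits wide. Returns how many bytes it was asked to
 * process; no memory is touched, the segment is only offset + length. */
static uint64_t consume_u32(uint64_t off, unsigned int len)
{
    (void)off;
    return len;
}

/* Pattern from the report: the caller holds a size_t and hands it to the
 * 32-bit parameter, so only the low 32 bits of the length survive. */
static uint64_t dump_segment_narrow(uint64_t off, size_t len)
{
    return consume_u32(off, (unsigned int)len);
}

/* One possible fix (an assumption, not the project's patch): loop so that
 * every call receives a length that fits the 32-bit parameter. */
static uint64_t dump_segment_chunked(uint64_t off, size_t len)
{
    uint64_t done = 0;
    while (len > 0) {
        unsigned int n = len > UINT_MAX ? UINT_MAX : (unsigned int)len;
        done += consume_u32(off, n);
        off += n;
        len -= n;
    }
    return done;
}

int main(void)
{
    printf("requested: %llu\n", (unsigned long long)SAMPLE_LEN);
    printf("narrow:    %llu\n", (unsigned long long)dump_segment_narrow(0, SAMPLE_LEN));
    printf("chunked:   %llu\n", (unsigned long long)dump_segment_chunked(0, SAMPLE_LEN));
    return 0;
}
```

Building callers of such a routine with -Wconversion (GCC and Clang) flags the
implicit size_t to unsigned int conversion at compile time.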