From owner-freebsd-current@FreeBSD.ORG Fri Jan 20 20:21:11 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1D2A116A41F; Fri, 20 Jan 2006 20:21:11 +0000 (GMT) (envelope-from fli+freebsd-current@shapeshifter.se) Received: from mx1.h3q.net (manticore.shapeshifter.se [212.37.5.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1702443D53; Fri, 20 Jan 2006 20:21:09 +0000 (GMT) (envelope-from fli+freebsd-current@shapeshifter.se) Received: from localhost (localhost [127.0.0.1]) by mx1.h3q.net (Postfix) with ESMTP id 5036B1A8C6; Fri, 20 Jan 2006 21:21:07 +0100 (CET) Received: from mx1.h3q.net ([127.0.0.1]) by localhost (mx1.h3q.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 62508-09; Fri, 20 Jan 2006 21:21:06 +0100 (CET) Received: from [192.168.0.83] (81-234-243-91-o926.tbon.telia.com [81.234.243.91]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.h3q.net (Postfix) with ESMTP id E976C1A84C; Fri, 20 Jan 2006 21:21:05 +0100 (CET) Message-ID: <43D1462B.8080807@shapeshifter.se> Date: Fri, 20 Jan 2006 21:20:59 +0100 From: Fredrik Lindberg User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050928) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Giorgos Keramidas References: <20060120193620.GA26029@troutmask.apl.washington.edu> <20060120200449.GB94172@flame.pc> In-Reply-To: <20060120200449.GB94172@flame.pc> Content-Type: multipart/mixed; boundary="------------060604060305040101040307" X-Virus-Scanned: amavisd-new at h3q.net Cc: freebsd-current@freebsd.org, jasone@freebsd.org, Steve Kargl Subject: Re: top(1) aborts in redzone X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jan 2006 20:21:11 -0000 This is a multi-part message in MIME format. --------------060604060305040101040307 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Giorgos Keramidas wrote: > On 2006-01-20 11:36, Steve Kargl wrote: > >>75 processes: 5 running, 70 sleeping >>CPU states: 98.3% user, 0.0% nice, 1.7% system, 0.0% interrupt, 0.0% idle >>Mem: 586M Active, 1202M Inact, 200M Wired, 20K Cache, 214M Buf, 9752M Free >>Swap: 17G Total, 17G Free >> >>top: (malloc) Corrupted redzone 1 byte after 0x2020056f0 (size 1975) (0x0)D >>Abort (core dumped) 1 132 0 295M 257M RUN 0 5:07 93.95% scat >>troutmask:kargl[202] 132 0 295M 257M RUN 0 5:02 93.26% scat >> >>The above happened as I was resizing an xterm with an >>actively run top(1). This is on amd64 with malloc.c >>v 1.100. > > > Can you file a bug report please? I will look into this, as I can > reproduce it here, but I don't want it to be forgotten or lost in > list-noise. > > Thanks in advance :) > It's writing past its buffer when a line gets truncated. Either increase the buffer by one, or decrease the offset on the places where it is manupulating the buffer. Both solutions work (I tried them), the easiest one is attached. Fredrik Lindberg --------------060604060305040101040307 Content-Type: text/plain; name="display.c-20060120.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="display.c-20060120.patch" Index: display.c =================================================================== RCS file: /home/ncvs/src/contrib/top/display.c,v retrieving revision 1.9 diff -u -r1.9 display.c --- display.c 19 May 2005 13:34:19 -0000 1.9 +++ display.c 20 Jan 2006 20:18:03 -0000 @@ -114,7 +114,7 @@ } /* now, allocate space for the screen buffer */ - screenbuf = (char *)malloc(lines * display_width); + screenbuf = (char *)malloc(lines * (display_width + 1)); if (screenbuf == (char *)NULL) { /* oops! */ --------------060604060305040101040307--