Re: top(1) aborts in redzone

From: Fredrik Lindberg <fli+freebsd-current_at_shapeshifter.se>
Date: Fri, 20 Jan 2006 21:20:59 +0100
Giorgos Keramidas wrote:
> On 2006-01-20 11:36, Steve Kargl <sgk_at_troutmask.apl.washington.edu> wrote:
> 
>>75 processes:  5 running, 70 sleeping
>>CPU states: 98.3% user,  0.0% nice,  1.7% system,  0.0% interrupt,  0.0% idle
>>Mem: 586M Active, 1202M Inact, 200M Wired, 20K Cache, 214M Buf, 9752M Free
>>Swap: 17G Total, 17G Free
>>
>>top: (malloc) Corrupted redzone 1 byte after 0x2020056f0 (size 1975) (0x0)D
>>Abort (core dumped) 1 132    0   295M   257M RUN    0   5:07 93.95% scat
>>troutmask:kargl[202]  132    0   295M   257M RUN    0   5:02 93.26% scat
>>
>>The above happened as I was resizing an xterm with an
>>actively run top(1).  This is on amd64 with malloc.c
>>v 1.100.
> 
> 
> Can you file a bug report please?  I will look into this, as I can
> reproduce it here, but I don't want it to be forgotten or lost in
> list-noise.
> 
> Thanks in advance :)
> 

It's writing past its buffer when a line gets truncated.
Either increase the buffer by one, or decrease the offset on the
places where it is manupulating the buffer.
Both solutions work (I tried them), the easiest one is attached.

Fredrik Lindberg

Index: display.c
===================================================================
RCS file: /home/ncvs/src/contrib/top/display.c,v
retrieving revision 1.9
diff -u -r1.9 display.c
--- display.c	19 May 2005 13:34:19 -0000	1.9
+++ display.c	20 Jan 2006 20:18:03 -0000
_at__at_ -114,7 +114,7 _at__at_
     }
 
     /* now, allocate space for the screen buffer */
-    screenbuf = (char *)malloc(lines * display_width);
+    screenbuf = (char *)malloc(lines * (display_width + 1));
     if (screenbuf == (char *)NULL)
     {
 	/* oops! */
Received on Fri Jan 20 2006 - 19:21:11 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:51 UTC