Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please unblock package procps ps crashes when processes have larger than normal groups, essentially it is because the /proc/PID/status file is larger than 1024 bytes. This is NOT a buffer overflow but the parser gets all sad because it runs out of things to parse. The fix is a rather simple bump up the buffer from 1024 to 4096. This fixes bug #702965 which is merged with another. We (upstream) have a permanent fix in later versions that is much more intrusive. Strictly speaking, the bug is in libproc0 not procps, it is just that the binary ps crashes because of it. unblock procps/3.3.3-3 -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru procps-3.3.3/debian/changelog procps-3.3.3/debian/changelog --- procps-3.3.3/debian/changelog 2012-06-17 18:06:28.000000000 +1000 +++ procps-3.3.3/debian/changelog 2013-03-28 21:14:02.000000000 +1100 @@ -1,3 +1,9 @@ +procps (1:3.3.3-3) UNRELEASED; urgency=low + + * 3.3.3-3 Fix ps crash with large process groups Closes: #702965 + + -- Craig Small <[email protected]> Thu, 28 Mar 2013 21:03:15 +1100 + procps (1:3.3.3-2) unstable; urgency=low * Fixes for kFreeBSD Closes: #674785 diff -Nru procps-3.3.3/debian/patches/bts702965-biggerbuff procps-3.3.3/debian/patches/bts702965-biggerbuff --- procps-3.3.3/debian/patches/bts702965-biggerbuff 1970-01-01 10:00:00.000000000 +1000 +++ procps-3.3.3/debian/patches/bts702965-biggerbuff 2013-03-28 21:17:28.000000000 +1100 @@ -0,0 +1,47 @@ +Description: ps: allow large list of groups + ps crashes when the information exceeds 1024 bytes in files such as + /proc/PID/status. +Origin: https://www.gitorious.org/procps/procps/commit/7933435584aa1fd75460f4c7715a3d4855d97c1c +Author: Eric Dumazet <[email protected]> +Reviewed-by: Craig Small <[email protected]> +Bug-Debian: http://bugs.debian.org/702965 +--- a/proc/readproc.c ++++ b/proc/readproc.c +@@ -353,7 +353,9 @@ + P->vm_swap = strtol(S,&S,10); + continue; + case_Groups: +- { int j = strchr(S, '\n') - S; // currently lines end space + \n ++ { char *nl = strchr(S, '\n'); ++ int j = nl ? (nl - S) : strlen(S); ++ + if (j) { + P->supgid = xmalloc(j+1); // +1 in case space disappears + memcpy(P->supgid, S, j); +@@ -723,7 +725,7 @@ + // room to spare. + static proc_t* simple_readproc(PROCTAB *restrict const PT, proc_t *restrict const p) { + static struct stat sb; // stat() buffer +- static char sbuf[1024]; // buffer for stat,statm,status ++ static char sbuf[4096]; // buffer for stat,statm,status + char *restrict const path = PT->path; + unsigned flags = PT->flags; + +@@ -827,7 +829,7 @@ + // path is a path to the task, with some room to spare. + static proc_t* simple_readtask(PROCTAB *restrict const PT, const proc_t *restrict const p, proc_t *restrict const t, char *restrict const path) { + static struct stat sb; // stat() buffer +- static char sbuf[1024]; // buffer for stat,statm,status ++ static char sbuf[4096]; // buffer for stat,statm,status + unsigned flags = PT->flags; + + if (unlikely(stat(path, &sb) == -1)) /* no such dirent (anymore) */ +@@ -1368,7 +1370,7 @@ + * and filled out proc_t structure. + */ + proc_t * get_proc_stats(pid_t pid, proc_t *p) { +- static char path[32], sbuf[1024]; ++ static char path[32], sbuf[4096]; + struct stat statbuf; + + sprintf(path, "/proc/%d", pid); diff -Nru procps-3.3.3/debian/patches/series procps-3.3.3/debian/patches/series --- procps-3.3.3/debian/patches/series 2012-06-17 18:00:06.000000000 +1000 +++ procps-3.3.3/debian/patches/series 2013-03-28 21:14:25.000000000 +1100 @@ -2,3 +2,4 @@ bts676239-pkill-u-option watch_8bit uptime_test +bts702965-biggerbuff
