https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260006
Bug ID: 260006
Summary: Compressed user core files with large segments are truncated
Product: Base System
Version: 11.4-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Created attachment 229685
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=229685&action=edit
Test program
This problem can happen with kernels compiled with GZIO and sysctl
kern.compress_user_cores=1.
If the program being dumped has a memory segment with size >= 0xFFFFFFFF, the
segment will be silently truncated, which "damages" any memory segments written
to the core file afterwards.
The root of the problem is in imgact_elf.c. The function compress_chunk accepts
a length of type u_int (32 bits), while its callers pass lengths of type
size_t (64 bits). Thus, any segment with a length that cannot fit in 32 bits
will be truncated.
The function compress_chunk lives on in later branches and appears to suffer
the same problem.
A trivial test program that allocates a large memory segment before crashing is
attached. The kernel must be compiled with GZIO and sysctl
kern.compress_user_cores=1.
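The width mismatch described in the report, as an added userspace example; it is not part of the original report and is not FreeBSD kernel code. `sink_u32`, `write_segment_narrowed`, `write_segment_split` and the 1 GiB piece size are hypothetical names and values, and `uint64_t` stands in for the 64-bit `size_t` on amd64.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a chunk writer whose length parameter is 32 bits
 * wide, as the report describes for compress_chunk. It returns the number of
 * bytes it was asked to emit so the caller can account for them. */
static uint64_t sink_u32(unsigned int len)
{
    return len;
}

/* Pattern from the report: a 64-bit segment length is handed to a 32-bit
 * parameter. Only the low 32 bits survive and no error is raised. */
static uint64_t write_segment_narrowed(uint64_t seg_len)
{
    return sink_u32((unsigned int)seg_len);
}

/* Width-safe pattern: split the segment into pieces that always fit the
 * 32-bit parameter. The piece size is a constructed value. */
static uint64_t write_segment_split(uint64_t seg_len)
{
    const uint64_t max_piece = 0x40000000u; /* 1 GiB */
    uint64_t done = 0;

    while (seg_len > 0) {
        uint64_t piece = seg_len < max_piece ? seg_len : max_piece;
        done += sink_u32((unsigned int)piece);
        seg_len -= piece;
    }
    return done;
}

/* Bytes missing from the output. Assumption: every segment written after
 * this one starts that many bytes earlier than a reader expects. */
static uint64_t shortfall(uint64_t seg_len)
{
    return seg_len - write_segment_narrowed(seg_len);
}

int main(void)
{
    const uint64_t seg = 0x100001000ULL; /* constructed: 4 GiB + 4 KiB */

    printf("narrowed: 0x%llx\n", (unsigned long long)write_segment_narrowed(seg));
    printf("split:    0x%llx\n", (unsigned long long)write_segment_split(seg));
    printf("missing:  0x%llx\n", (unsigned long long)shortfall(seg));
    return 0;
}
```

Building kernel code with a narrowing warning such as `-Wshorten-64-to-32` (clang) or `-Wconversion` flags this class of call site at compile time.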