Since total_mem is of type 'unsigned long', on a 32-bit system
the multiplication in this statement overflows:
  map_count = total_mem * KB / MAP_SIZE

e.g.: if total_mem > 4194304, 'total_mem*KB' will exceed ULONG_MAX.

After re-checking the code, I found that map_count is not necessary,
and removing it fixes the overflow issue.

Reported-by: Shuang Qiu <[email protected]>
Signed-off-by: Zhouping Liu <[email protected]>
---
 testcases/kernel/mem/tunable/min_free_kbytes.c | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/testcases/kernel/mem/tunable/min_free_kbytes.c b/testcases/kernel/mem/tunable/min_free_kbytes.c
index f8288ec..dde182c 100644
--- a/testcases/kernel/mem/tunable/min_free_kbytes.c
+++ b/testcases/kernel/mem/tunable/min_free_kbytes.c
@@ -177,31 +177,23 @@ static void test_tune(unsigned long overcommit_policy)
 
 static int eatup_mem(unsigned long overcommit_policy)
 {
-       int map_count, i;
        int ret = 0;
        unsigned long memfree;
-       void **addrs;
-
-       map_count = total_mem * KB / MAP_SIZE;
-       addrs = (void **)malloc(map_count * sizeof(void *));
-       if (addrs == NULL) {
-               perror("malloc");
-               return -1;
-       }
+       void *addrs;
 
        memfree = read_meminfo("MemFree:");
        printf("memfree is %lu kB before eatup mem\n", memfree);
-       for (i = 0; i < map_count; i++) {
-               addrs[i] = mmap(NULL, MAP_SIZE, PROT_READ|PROT_WRITE,
+       while (1) {
+               addrs = mmap(NULL, MAP_SIZE, PROT_READ|PROT_WRITE,
                    MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
-               if (addrs[i] == MAP_FAILED) {
+               if (addrs == MAP_FAILED) {
                        if (overcommit_policy != 1 && errno != ENOMEM) {
                                perror("mmap");
                                ret = -1;
                        }
                        break;
                }
-               memset(addrs[i], i, MAP_SIZE);
+               memset(addrs, 1, MAP_SIZE);
        }
        memfree = read_meminfo("MemFree:");
        printf("memfree is %lu kB after eatup mem\n", memfree);
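Review bot: With map_count removed, the `while (1)` loop in eatup_mem has no upper bound and ends only when mmap() fails. When overcommit_policy is 1 the kernel may keep granting mappings, so the test would presumably keep touching pages until the OOM killer intervenes instead of stopping near total_mem. The overflow can be avoided while keeping the bound by dividing before multiplying, e.g. `for (i = 0; i < total_mem / (MAP_SIZE / KB); i++)` with `unsigned long i`, assuming MAP_SIZE is a multiple of KB (both are defined outside this hunk, so confirm). If the unbounded loop is intended, a comment such as `/* loop until mmap fails; mappings are deliberately never unmapped and are released at process exit */` would record that overwriting `addrs` on each pass is not an accidental leak. eatup_mem's body continues past the end of the hunk.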
-- 
1.7.11.2

