Thanks for finding this. I'll incorporate the fix.

Amit

On Oct 26, 8:41 pm, Francis Devereux <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I was playing around with procfs today, and when I did
> "cat /proc/*/cmdline" procfs crashed with a segmentation fault.  I re-ran procfs in
> gdb and saw that the crash was caused by the while loop in  
> getproccmdline trying to read past the end of target_argv.  This was  
> when it was getting the command-line for a postgresql process that had  
> changed its argc, so the command-line reported by ps was "postgres:  
> writer process
> ".
>
> I added a check for the end of the target_argv buffer and re-ran
> "cat /proc/*/cmdline", which now works without a crash.  The patch is  
> below.
>
> Regards,
>
> Francis
>
> P.S. this is with procfs from subversion r1273, and MacFuse 1.9.23.
>
> Index: procfs.cc
> ===================================================================
> --- procfs.cc   (revision 1273)
> +++ procfs.cc   (working copy)
> @@ -1816,7 +1816,7 @@
> {
>     int i, mib[4], rlen, tlen, thislen;
>     int    argmax, target_argc;
> -    char *target_argv;
> +    char *target_argv, *target_argv_end;
>     char  *cp;
>     size_t size;
>
> @@ -1837,6 +1837,8 @@
>         return -1;
>     }
>
> +    target_argv_end = target_argv + argmax;
> +
>     mib[0] = CTL_KERN;
>     mib[1] = KERN_PROCARGS2;
>     mib[2] = pid;
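Review bot: target_argv_end is computed from argmax before the KERN_PROCARGS2 query is issued, so it marks the end of the buffer's capacity rather than the end of the data the kernel actually returns. If the query fills fewer than argmax bytes, the NUL-skipping loop in the next hunk can still walk through whatever the allocation held beyond the returned data before it reaches this limit. Consider assigning target_argv_end = target_argv + size after the sysctl call succeeds, assuming size (declared in the first hunk) is the length variable passed to that call and updated by it; the call itself is not shown in these hunks.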
> @@ -1853,8 +1855,14 @@
>     rlen = len;
>     tlen = 0;
>     for (i = 1; i < target_argc + 1; i++) {
> -        while (*cp == '\0')
> +        while (cp < target_argv_end && *cp == '\0')
>             cp++;
> +        if (cp == target_argv_end) {
> +            // We have reached the end of target_argv without finding
> +            // target_argc arguments.  This can happen when a process  
> has
> +            // changed its argv (for example, postgresql does this).
> +            break;
> +        }
>         thislen = snprintf(cmdlinebuf + tlen, rlen, "%s ", cp);
>         tlen += thislen;
>         rlen -= thislen;
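Review bot: the new bound covers only the NUL-skipping while loop; the snprintf(cmdlinebuf + tlen, rlen, "%s ", cp) that follows still reads from cp until it finds a NUL, so an argument that runs up to target_argv_end without a terminator is read past the buffer. Giving the conversion a precision, for example "%.*s " with (int)(target_argv_end - cp), would bound that read as well. Two smaller points in the same lines: testing cp >= target_argv_end instead of == is more robust if cp is ever advanced past the end elsewhere in the loop, and snprintf returns the length it would have written, so on truncation thislen can exceed rlen, which leaves rlen negative and tlen pointing past the end of cmdlinebuf on the next iteration. Breaking out of the loop when thislen >= rlen would avoid that.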