Bug 170424

Summary: procinfo crashing on X86_64
Product: [Fedora] Fedora
Component: procinfo
Reporter: Sammy <umar>
Assignee: Karel Zak <kzak>
Status: CLOSED RAWHIDE
Severity: high
Priority: medium
Version: rawhide
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2005-10-12 09:09:24 UTC

Description Sammy 2005-10-11 16:02:16 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8b5) Gecko/20051008 Fedora/1.5-0.5.0.beta2 Firefox/1.4.1

Description of problem:
Procinfo is crashing on my X86_64 system with everything at today's (10-11-2005)
rawhide level. This is a Dual-Core, Pentium 840 Extreme Edition, with 4GB of
ram.

This results in some servers like sendmail seeing too high load average and
rejecting incoming e-mails.

============================================================================

uname -a gives:

Linux compsci.cas.vanderbilt.edu 2.6.13-1.1600_FC5 #1 SMP Sat Oct 8 00:16:45 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux

procinfo gives:

*** buffer overflow detected ***: procinfo terminated
======= Backtrace: =========
/lib64/libc.so.6(__chk_fail+0x2f)[0x2aaaaaca39bf]
procinfo[0x402039]
procinfo[0x40634e]
/lib64/libc.so.6(__libc_start_main+0xef)[0x2aaaaabe2d2f]
procinfo[0x401999]
======= Memory map: ========
00400000-00409000 r-xp 00000000 08:05 1677187                            /usr/bin/procinfo
00509000-0050a000 rw-p 00009000 08:05 1677187                            /usr/bin/procinfo
0050a000-0052c000 rw-p 0050a000 00:00 0                                  [heap]
3067e00000-3067e03000 r-xp 00000000 08:05 4452400                        /lib64/libtermcap.so.2.0.8
3067e03000-3067f02000 ---p 00003000 08:05 4452400                        /lib64/libtermcap.so.2.0.8
3067f02000-3067f03000 rw-p 00002000 08:05 4452400                        /lib64/libtermcap.so.2.0.8
3ead200000-3ead20d000 r-xp 00000000 08:05 4452113                        /lib64/libgcc_s-4.0.2-20051007.so.1
3ead20d000-3ead30c000 ---p 0000d000 08:05 4452113                        /lib64/libgcc_s-4.0.2-20051007.so.1
3ead30c000-3ead30d000 rw-p 0000c000 08:05 4452113                        /lib64/libgcc_s-4.0.2-20051007.so.1
2aaaaaaab000-2aaaaaac5000 r-xp 00000000 08:05 4452171                    /lib64/ld-2.3.90.so
2aaaaaac5000-2aaaaaacb000 rw-p 2aaaaaac5000 00:00 0
2aaaaaaf3000-2aaaaaaf4000 rw-p 2aaaaaaf3000 00:00 0
2aaaaabc4000-2aaaaabc5000 r--p 00019000 08:05 4452171                    /lib64/ld-2.3.90.so
2aaaaabc5000-2aaaaabc6000 rw-p 0001a000 08:05 4452171                    /lib64/ld-2.3.90.so
2aaaaabc6000-2aaaaacf5000 r-xp 00000000 08:05 4452244                    /lib64/libc-2.3.90.so
2aaaaacf5000-2aaaaadf4000 ---p 0012f000 08:05 4452244                    /lib64/libc-2.3.90.so
2aaaaadf4000-2aaaaadf8000 r--p 0012e000 08:05 4452244                    /lib64/libc-2.3.90.so
2aaaaadf8000-2aaaaadfa000 rw-p 00132000 08:05 4452244                    /lib64/libc-2.3.90.so
2aaaaadfa000-2aaaaae00000 rw-p 2aaaaadfa000 00:00 0
7fffff948000-7fffff95d000 rw-p 7fffff948000 00:00 0                      [stack]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0                  [vdso]
Linux 2.6.13-1.1600_FC5 (bhcompile.redhat.com) (gcc 4.0.2 20051007 ) #1 4CPU [compsci]

Memory:      Total        Used        Free      Shared     Buffers
Mem:       3985376     1676412     2308964           0       67412
Swap:      8193140           0     8193140

Aborted


Version-Release number of selected component (if applicable):
procinfo-18-16.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Have an X86_64 system running latest rawhide
2. Execute procinfo

Comment 1 Sammy 2005-10-11 17:52:53 UTC
OK...this seems to be kernel related. Works with 1.1526. This bug is related to
bug #169962.


Comment 2 Arjan van de Ven 2005-10-12 07:42:35 UTC
Can you install the procinfo-debuginfo rpm, then run this from inside gdb and
then type "bt"? That'll give the needed more detailed backtrace.

Comment 3 Arjan van de Ven 2005-10-12 07:45:39 UTC
    char loadavg[32];

    fgets (line, sizeof (line), loadavgfp);
    strcpy (loadavg, line);


That is just plain bad code and is the most likely cause... but even if not it
wants fixing.



Comment 4 Karel Zak 2005-10-12 09:09:24 UTC
Well, I've fixed some stupid things like strcpy() or sprintf() usage. But the
rest of the code is still too optimistic and doesn't check return values from
things like fgets(), strtok(), ....
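
Added example, not procinfo's code and not the fix that was committed (which this page does not show): the fgets()/strcpy() pattern from Comment 3 rewritten so that the copy is bounded and the return values mentioned in Comment 4 are checked. The names parse_loadavg, read_loadavg and LOADAVG_MAX are hypothetical; the 32-byte size mirrors the loadavg[] buffer quoted above.

```c
#include <stdio.h>
#include <string.h>

#define LOADAVG_MAX 32   /* same size as the loadavg[] buffer in Comment 3 */

/* Copy one /proc/loadavg line into dst (dstsz bytes) and parse the three
 * load averages. Returns 0 on success, -1 if the line is empty, does not
 * fit in dst, or does not start with three numbers. Never writes past dst. */
int parse_loadavg(const char *line, char *dst, size_t dstsz, double avg[3])
{
    size_t len = strcspn(line, "\n");          /* length without the newline */

    if (len == 0 || len >= dstsz)              /* empty, or would overflow dst */
        return -1;
    memcpy(dst, line, len);
    dst[len] = '\0';
    if (sscanf(dst, "%lf %lf %lf", &avg[0], &avg[1], &avg[2]) != 3)
        return -1;
    return 0;
}

/* Read one line from fp, checking the stream and the fgets() result
 * before the line is used. */
int read_loadavg(FILE *fp, char *dst, size_t dstsz, double avg[3])
{
    char line[1024];

    if (fp == NULL || fgets(line, sizeof line, fp) == NULL)
        return -1;                             /* open failed, EOF or I/O error */
    return parse_loadavg(line, dst, dstsz, avg);
}

int main(void)
{
    char loadavg[LOADAVG_MAX];
    double avg[3];
    FILE *fp = fopen("/proc/loadavg", "r");
    int rc = read_loadavg(fp, loadavg, sizeof loadavg, avg);

    if (fp)
        fclose(fp);
    if (rc != 0) {
        fputs("loadavg: unreadable, malformed or too long\n", stderr);
        return 1;
    }
    printf("%s -> %.2f %.2f %.2f\n", loadavg, avg[0], avg[1], avg[2]);
    return 0;
}
```

A line longer than the destination is rejected here rather than truncated, so a caller never acts on a partial load average.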