[Bug 1068] New: pmUnitsStr_r can clobber memory

To:	pcp@xxxxxxxxxxx
Subject:	[Bug 1068] New: pmUnitsStr_r can clobber memory
From:	bugzilla-daemon@xxxxxxxxxxx
Date:	Mon, 06 Oct 2014 21:29:05 +0000
Auto-submitted:	auto-generated
Delivered-to:	pcp@xxxxxxxxxxx

Bug ID	1068
Summary	pmUnitsStr_r can clobber memory
Product	pcp
Version	unspecified
Hardware	All
OS	Linux
Status	NEW
Severity	major
Priority	P5
Component	pcp
Assignee	pcp@kenj.com.au
Reporter	fche@redhat.com
CC	pcp@oss.sgi.com
Classification	Unclassified

The way pmUnitsStr_r accumulates text fragments to create
the complete units text string ignores the incoming
string's buffer length to some extent and can
slightly smash the stack.

% cat foo.c

#include <pcp/pmapi.h>
#include <stdio.h>
#ifndef SIZE
#define SIZE 1
#endif
char buffer[SIZE];

void main() {
  pmUnits foo = {.dimSpace=7, .dimTime=-8, .dimCount=7,
                 .scaleSpace=PM_SPACE_TBYTE, .scaleTime=PM_TIME_USEC,
.scaleCount=7 };
  (void) pmUnitsStr_r(& foo, buffer, sizeof(buffer));
  printf ("%*s\n", sizeof(buffer), buffer);
}

% gcc foo.c -lpcp
% ./a.out
  / microsec^8
% valgring ./a.out
*** does not complain (on my f19 x86-64 box)

(just for reference:)
% gcc foo.c -lpcp -DSIZE=40
% ./a.out
Tbyte^7 count x 10^7^7 / microsec^8

(that ^7^7 part looks fishy too, btw).

You are receiving this mail because:

You are on the CC list for the bug.

<Prev in Thread]	Current Thread	[Next in Thread>
[Bug 1068] New: pmUnitsStr_r can clobber memory, bugzilla-daemon <= [Bug 1068] pmUnitsStr_r can clobber memory, bugzilla-daemon [Bug 1068] pmUnitsStr_r can clobber memory, bugzilla-daemon

Previous by Date:	Re: qa/946 - pmfind question, Ken McDonell
Next by Date:	Re: [pcp] qa/946 - pmfind question, Dave Brolley
Previous by Thread:	qa/946 - pmfind question, Ken McDonell
Next by Thread:	[Bug 1068] pmUnitsStr_r can clobber memory, bugzilla-daemon
Indexes:	[Date] [Thread] [Top] [All Lists]