[Bug 232206] [truss] update strsize parameter handling

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Nov 26 19:07:17 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232206

--- Comment #4 from David Carlier <devnexen at gmail.com> ---
The bug is mainly about fixing a possible overflow when using the string size
parameter, basically by giving a value over the integer maximum value.

Easily reproducible by "trussing" the syslog process with this sort of value (I
just print out the value on purpose):
truss -s 27836487264287642746284662746874678412834 ...
makes the process abort.

/usr/obj/usr/src/amd64.amd64/usr.bin/truss/truss -s 23894723984789237473278482974382479238794728379843828794 -p 1509
STRSIZE -1
select(10,{ 3 5 8 9 },0x0,0x0,0x0)               = 1 (0x1)
Bus error (core dumped)

whereas with a more "reasonable" value it works as always:

/usr/obj/usr/src/amd64.amd64/usr.bin/truss/truss -s 80 -p 1553
STRSIZE 80
select(10,{ 3 5 8 9 },0x0,0x0,0x0)               = 1 (0x1)
read(5,"Firmware Error (ACPI): Could not resolve [\\_SB.PCI0.LPCB.HEC.ECRD], AE_NOT_FOUN"...,2047) = 394 (0x18a)
writev(14,[{"Nov 26 19:06:24",15},{" ",1},{"freeflame",9},{" ",1},{"kernel",6},{": ",2},{"Firmware Error (ACPI): Could not resolve [\\_SB.PCI0.LPCB.HEC.ECRD], AE_NOT_FOUN"...,102},{"\n",1}],8) = 137 (0x89)
writev(14,[{"Nov 26 19:06:24",15},{" ",1},{"freeflame",9},{" ",1},{"kernel",6},{": ",2},{"ACPI Error: Method parse/execution failed \\_TZ.TZ00._TMP, AE_NOT_FOUND (2018103"...,93},{"\n",1}],8) = 128 (0x80)
writev(14,[{"Nov 26 19:06:24",15},{" ",1},{"freeflame",9},{" ",1},{"kernel",6},{": ",2},{"Firmware Error (ACPI): Could not resolve [\\_SB.PCI0.LPCB.HEC.ECRD], AE_NOT_FOUN"...,102},{"\n",1}],8) = 137 (0x89)
writev(14,[{"Nov 26 19:06:24",15},{" ",1},{"freeflame",9},{" ",1},{"kernel",6},{": ",2},{"ACPI Error: Method parse/execution failed \\_TZ.TZ01._TMP, AE_NOT_FOUND (2018103"...,93},{"\n",1}],8) = 128 (0x80)
read(5,0x7fffffffde50,2047)                      ERR#35 'Resource temporarily unavailable'
select(10,{ 3 5 8 9 },0x0,0x0,{ 0.000000 })      = 0 (0x0)
fsync(0xe)                                       = 0 (0x0)
select(10,{ 3 5 8 9 },0x0,0x0,0x0)               = 1 (0x1)
...

-- 
You are receiving this mail because:
You are the assignee for the bug.
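Added illustration of the failure mode the comment describes; this is not code from truss, from the bug's patch, or from the reporter. It shows how an unchecked decimal-to-int conversion of a huge "-s" value yields a bogus size (on LP64 the saturated LONG_MAX truncates to -1, the "STRSIZE -1" in the report), and a checked replacement that rejects malformed, negative and out-of-range input before the size reaches any buffer arithmetic. The helper names, the INT_MAX upper bound and the sample strings are this example's own assumptions; truss's actual option parsing and its fix are not reproduced here.

```c
/*
 * Example only (not truss's own code): unchecked vs. checked parsing of a
 * "-s strsize" style option, and a consumer that refuses a negative size.
 * Builds with any C99 compiler: cc -std=c99 -Wall strsize.c
 */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Unchecked conversion, mimicking atoi(): strtol() saturates at LONG_MAX on
 * overflow and the cast to int keeps only the low 32 bits. On LP64 (amd64)
 * (int)LONG_MAX is -1, which is exactly the "STRSIZE -1" in the report.
 */
static int
parse_strsize_unsafe(const char *s)
{
	return ((int)strtol(s, NULL, 10));
}

/*
 * Checked conversion: returns 0 and stores the value in *out, or -1 for
 * empty input, a leading sign or garbage, trailing junk, a value that
 * overflowed long, or a value that does not fit a non-negative int.
 * The INT_MAX ceiling is an assumption of this example.
 */
static int
parse_strsize(const char *s, int *out)
{
	char *end;
	long v;

	if (s == NULL || *s == '\0' || !isdigit((unsigned char)*s))
		return (-1);
	errno = 0;
	v = strtol(s, &end, 10);
	if (*end != '\0')
		return (-1);		/* e.g. "80x" */
	if (errno == ERANGE || v < 0 || v > INT_MAX)
		return (-1);		/* overflow, or too big for an int */
	*out = (int)v;
	return (0);
}

/*
 * Consumer of the size: render at most strsize bytes of a string argument
 * the way a tracer prints it, appending "..." when it was cut. A negative
 * strsize is rejected here instead of being converted to size_t, where -1
 * would become SIZE_MAX and remove the bound entirely. Returns the number
 * of source bytes shown, or -1.
 */
static int
format_string_arg(const char *src, int strsize, char *dst, size_t dstlen)
{
	size_t len, n;

	if (src == NULL || dst == NULL || strsize < 0)
		return (-1);
	len = strlen(src);
	n = len < (size_t)strsize ? len : (size_t)strsize;
	if (snprintf(dst, dstlen, "\"%.*s\"%s", (int)n, src,
	    n < len ? "..." : "") < 0)
		return (-1);
	return ((int)n);
}

int
main(int argc, char **argv)
{
	/* Constructed inputs: the value from the report, and a sane one. */
	const char *huge = "27836487264287642746284662746874678412834";
	const char *arg = argc > 1 ? argv[1] : huge;
	char buf[128];
	int size;

	printf("unchecked: -s %s -> STRSIZE %d\n", huge,
	    parse_strsize_unsafe(huge));
	if (parse_strsize(arg, &size) == -1) {
		fprintf(stderr, "checked: -s %s rejected\n", arg);
		return (1);
	}
	format_string_arg("Firmware Error (ACPI): Could not resolve", size,
	    buf, sizeof(buf));
	printf("checked: STRSIZE %d, arg shown as %s\n", size, buf);
	return (0);
}
```

Run it with no argument to see the unchecked conversion produce -1 and the checked one reject the same string; run it with "80" to see the bounded rendering. The point for reviewers of option parsing is the order of checks: validate the text, then the long, then the int range, and only then let the value become a size_t anywhere.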


More information about the freebsd-bugs mailing list