ports/121316: [patch]sysutils/xfce4-systemload-plugin integer multiplication overflow
MQ
antinvidia at gmail.com
Mon Mar 3 13:30:01 UTC 2008
>Number: 121316
>Category: ports
>Synopsis: [patch]sysutils/xfce4-systemload-plugin integer multiplication overflow
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 03 13:30:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: MQ
>Release: FreeBSD 7.0-RELEASE
>Organization:
>Environment:
FreeBSD q6600.macro 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 10:35:36 UTC 2008 root at driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
I've found an integer multiplication overflow in panel-plugin/memswap.c. When large memory is used, this bug will be triggered, causing the output of this plugin useless.
>How-To-Repeat:
Follow these steps when you have more than 3G memory (more than 2G must be enough to exploit this bug, but I have only tried installing 3G memory.)
1. cd /usr/ports/sysutils/xfce4-systemload-plugin && make install
2. Configure xfce4 to enable this plugin.
3. You will see that the output of the memory consumption is absolutely incorrect.
>Fix:
See my patch.
Patch attached with submission follows:
--- panel-plugin/memswap.c.orig 2007-01-18 02:01:09.000000000 +0800
+++ panel-plugin/memswap.c 2008-03-03 21:01:50.000000000 +0800
@@ -203,7 +203,7 @@
gint read_memswap(gulong *mem, gulong *swap, gulong *MT, gulong *MU, gulong *ST, gulong *SU)
{
int total_pages;
- int free_pages;
+ u_int free_pages;
int inactive_pages;
int pagesize = getpagesize();
int swap_avail;
@@ -222,8 +222,8 @@
return -1;
}
- *MT = (total_pages*pagesize) >> 10;
- *MU = ((total_pages-free_pages-inactive_pages) * pagesize) >> 10;
+ *MT = CONVERT(total_pages);
+ *MU = CONVERT(total_pages-free_pages-inactive_pages);
*mem = *MU * 100 / *MT;
if((*swap = swapmode(&swap_avail, &swap_free)) >= 0) {
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list