ports/121316: [patch]sysutils/xfce4-systemload-plugin integer multiplication overflow

MQ antinvidia at gmail.com
Mon Mar 3 13:30:01 UTC 2008 

>Number:         121316
>Category:       ports
>Synopsis:       [patch]sysutils/xfce4-systemload-plugin integer multiplication overflow
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 03 13:30:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     MQ
>Release:        FreeBSD 7.0-RELEASE
>Organization:
>Environment:
FreeBSD q6600.macro 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 10:35:36 UTC 2008     root at driscoll.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
I've found an integer multiplication overflow in panel-plugin/memswap.c. When large memory is used, this bug will be triggered, causing the output of this plugin useless.
>How-To-Repeat:
Follow these steps when you have more than 3G memory (more than 2G must be enough to exploit this bug, but I have only tried installing 3G memory.)
1. cd /usr/ports/sysutils/xfce4-systemload-plugin && make install
2. Configure xfce4 to enable this plugin.
3. You will see that the output of the memory consumption is absolutely incorrect.
>Fix:
See my patch.

Patch attached with submission follows:

--- panel-plugin/memswap.c.orig	2007-01-18 02:01:09.000000000 +0800
+++ panel-plugin/memswap.c	2008-03-03 21:01:50.000000000 +0800
@@ -203,7 +203,7 @@
 gint read_memswap(gulong *mem, gulong *swap, gulong *MT, gulong *MU, gulong *ST, gulong *SU)
 {
     int total_pages;
-    int free_pages;
+    u_int free_pages;
     int inactive_pages;
     int pagesize = getpagesize();
     int swap_avail;
@@ -222,8 +222,8 @@
         return -1;
     }
 
-    *MT = (total_pages*pagesize) >> 10;
-    *MU = ((total_pages-free_pages-inactive_pages) * pagesize) >> 10;
+    *MT = CONVERT(total_pages);
+    *MU = CONVERT(total_pages-free_pages-inactive_pages);
     *mem = *MU * 100 / *MT;
 
     if((*swap = swapmode(&swap_avail, &swap_free)) >= 0) {


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list