svn commit: r345807 - head/usr.bin/top
Bruce Evans
brde at optusnet.com.au
Tue Sep 3 14:06:31 UTC 2019
On Tue, 2 Apr 2019, Dimitry Andric wrote:
> Author: dim
> Date: Tue Apr 2 18:01:54 2019
> New Revision: 345807
> URL: https://svnweb.freebsd.org/changeset/base/345807
>
> Log:
> Fix regression in top(1) after r344381, causing informational messages
> to no longer be displayed. This was because the reimplementation of
> setup_buffer() did not copy the previous contents into any reallocated
> buffer.
>
> Reported by: James Wright <james.wright at jigsawdezign.com>
> PR: 236947
> MFC after: 3 days
>
> Modified:
> head/usr.bin/top/display.c
>
> Modified: head/usr.bin/top/display.c
> ==============================================================================
> --- head/usr.bin/top/display.c Tue Apr 2 17:51:28 2019 (r345806)
> +++ head/usr.bin/top/display.c Tue Apr 2 18:01:54 2019 (r345807)
> @@ -1347,7 +1347,8 @@ i_uptime(struct timeval *bt, time_t *tod)
> static char *
> setup_buffer(char *buffer, int addlen)
> {
> - size_t len;
> + size_t len, old_len;
> + char *new_buffer;
>
> setup_buffer_bufsiz = screen_width;
> if (setup_buffer_bufsiz < SETUPBUFFER_MIN_SCREENWIDTH)
> @@ -1355,13 +1356,18 @@ setup_buffer(char *buffer, int addlen)
> setup_buffer_bufsiz = SETUPBUFFER_MIN_SCREENWIDTH;
> }
>
> - free(buffer);
> len = setup_buffer_bufsiz + addlen + SETUPBUFFER_REQUIRED_ADDBUFSIZ;
> - buffer = calloc(len, sizeof(char));
> - if (buffer == NULL)
> + new_buffer = calloc(len, sizeof(char));
> + if (new_buffer == NULL)
> {
> errx(4, "can't allocate sufficient memory");
> }
> + if (buffer != NULL)
> + {
> + old_len = strlen(buffer);
> + memcpy(new_buffer, buffer, old_len < len - 1 ? old_len : len - 1);
> + free(buffer);
> + }
>
> - return buffer;
> + return new_buffer;
> }
Looks like realloc() hasn't been invented yet.
realloc() wouldn't clear the new part of the buffer, so a memset() or at
least setting the first byte in a new buffer (starting with buffer == NULL
might be needed).
The above has some bugs when the new buffer is smaller the old buffer:
- when old_len < len - 1, the new buffer has no space for the old buffer
including its NUL terminator, so the new buffer is left unterminated
after blind truncation
- when old_len == len - 1, the new buffer has no space for the NUL
terminator, so the new buffer is left unterminated after not overrunning
it by copying the NUL terminator
- when old_len > len - 1, the new buffer is NUL terminated in an obfuscated
way (calloc() has filled it with NULs and the memcpy() doesn't overwrite
them all).
Bruce
More information about the svn-src-all
mailing list