Subject: bin/3171: Bug in systat (swap-display)
To: None <>
From: Paul Boven <>
List: netbsd-bugs
Date: 01/31/1997 07:11:45
>Number:         3171
>Category:       bin
>Synopsis:       Bug in systat (swap-display)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 30 22:20:01 1997
>Originator:     Paul Boven
Paul Boven, <>  PE1NUT  QRV 145.575 JO32KF
  Nothing would get done in the world, if we didn't have insomniacs.
           Or at least, nothing would get done at night. 
>Release:        NetBSD-current 31 jan 1997
System: NetBSD 1.2B NetBSD 1.2B (ELC) #4: Sat Jan 18 17:44:10 CET 1997 sparc

When running systat in the :swap-display-mode for an extended time, especially
during heavy VM-usage, it will stop functioning with an error message
("cannot read swapmap: bad_addres") and/or terminate abnormally, with a

The cause of this: in swap.c, fetchswap(), the data from kvm_read are
copied into the memory-area pointed to by mp (static struct mapent *mp)
which was previously malloced in initswap(). A few lines down the value
of mp is incremented in a for-loop when processing the kvm_read-data, 
and never returned to its original value. mp keeps getting incremented, 
and sooner or later runs out of its malloced area. 

See description.

I renamed mp to mpp for the static pointer, and introduced a new pointer mp
into fetchswap. At the start of fetchswap() mp gets initialized to mpp, the
start of the buffer. 
< static struct mapent *mp;
> static struct mapent *mpp;
< 	    (mp = malloc(nswapmap * sizeof(*mp))) == NULL) {
> 	    (mpp = malloc(nswapmap * sizeof(*mpp))) == NULL) {
> 	struct mapent *mp;
< 	s = nswapmap * sizeof(*mp);
> 	s = nswapmap * sizeof(*mpp);
> 	mp = mpp;
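Review bot: The added `mp = mpp;` has to run before anything in fetchswap() reads or writes through the new local `mp`, and this diff has no line-number or context markers, so its position relative to the kvm_read call and the for-loop cannot be checked from the patch itself. Please resend it as a context or unified diff. It would also be clearer to pass `mpp` to kvm_read directly so that `mp` serves only as the loop cursor, and to give the buffer base a name more distinct than `mpp`, since the two identifiers differ by one letter and are easy to swap back by accident.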

P.S. I hope I sent this to the right pr-category. If not, please tell me
which one would have been appropriate, and whether I need to refile it there.
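
A small model of the defect described in this report, added here as an illustration and not taken from the systat source: a static pointer used both as the copy target and as the loop cursor drifts further from the start of its buffer on every refresh, while a local cursor reset on each call does not. The struct layout, the zero-terminated walk, the sample data, the sizes and the names init_map, fetch_buggy and fetch_fixed are assumptions.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the kernel's struct mapent (field names assumed). */
struct mapent { long m_size; long m_addr; };
enum { NSWAPMAP = 4, SLACK = 3 };  /* constructed sizes */

/* Constructed data standing in for what kvm_read() returns; the walk
 * below assumes a zero m_addr ends the map. */
static const struct mapent sample[NSWAPMAP] = {{8, 100}, {16, 200}, {0, 0}, {0, 0}};
static struct mapent *base, *cur;  /* allocation start; the report's static mp */

/* The real buffer is NSWAPMAP entries; the SLACK factor exists only so
 * the stray writes of this demo stay inside allocated memory. */
static int init_map(void) {
    free(base);
    base = cur = calloc((size_t)NSWAPMAP * SLACK, sizeof(*base));
    return base != NULL;
}

/* Reported behaviour. Returns the entry offset the copy landed at; a
 * refresh at offset k overruns an NSWAPMAP-entry buffer by k entries. */
static size_t fetch_buggy(void) {
    size_t off = (size_t)(cur - base);
    if (off + NSWAPMAP > (size_t)NSWAPMAP * SLACK) return (size_t)-1; /* arena full */
    memcpy(cur, sample, sizeof(sample));
    while (cur->m_addr != 0) cur++;   /* never rewound before the next call */
    return off;
}

/* Reporter's fix: a local cursor restarted at the buffer on every call. */
static size_t fetch_fixed(void) {
    struct mapent *mp = base;         /* corresponds to "mp = mpp" */
    size_t off = (size_t)(mp - base);
    memcpy(mp, sample, sizeof(sample));
    while (mp->m_addr != 0) mp++;
    return off;
}

int main(void) {
    size_t bad = 0, good = 0;
    if (!init_map()) return 1;
    for (int i = 0; i < 3; i++) bad = fetch_buggy();   /* offsets 0, 2, 4 */
    if (!init_map()) return 1;
    for (int i = 0; i < 3; i++) good = fetch_fixed();  /* always 0 */
    free(base);
    return !(bad == 4 && good == 0);
}
```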