Subject: bin/3171: Bug in systat (swap-display)
To: None <gnats-bugs@gnats.netbsd.org>
From: Paul Boven <paul@wit387304.student.utwente.nl>
List: netbsd-bugs
Date: 01/31/1997 07:11:45
>Number: 3171
>Category: bin
>Synopsis: Bug in systat (swap-display)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jan 30 22:20:01 1997
>Last-Modified:
>Originator: Paul Boven
>Organization:
----------------------------------------------------------------------
Paul Boven, <e.p.boven@student.utwente.nl> PE1NUT QRV 145.575 JO32KF
Nothing would get done in the world, if we didn't have insomniacs.
Or at least, nothing would get done at night.
----------------------------------------------------------------------
>Release: NetBSD-current 31 jan 1997
>Environment:
System: NetBSD wit387304.student.utwente.nl 1.2B NetBSD 1.2B (ELC) #4: Sat Jan 18 17:44:10 CET 1997 paul@wit387304.student.utwente.nl:/usr/src/sys/arch/sparc/compile/ELC sparc
>Description:
When running systat in the :swap-display-mode for an extended time, especially
during heavy VM-usage, it will stop functioning with an error message
("cannot read swapmap: bad_addres") and/or terminate abnormally, with a
segfault.
The cause of this: in swap.c, fetchswap(), the data from kvm_read are
copied into the memory-area pointed to by mp (static struct mapent *mp)
which was previously malloced in initswap(). A few lines down the value
of mp is incremented in a for-loop when processing the kvm_read-data,
and never returned to its original value. mp keeps getting incremented,
and sooner or later runs out of its malloced area.
>How-To-Repeat:
See description.
>Fix:
I renamed mp to mpp for the static pointer, and introduced a new pointer mp
into fetchswap. At the start of fetchswap() mp gets initialized to mpp, the
start of the buffer.
diff-output:
87c87
< static struct mapent *mp;
---
> static struct mapent *mpp;
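Review bot: renaming the static from `mp` to `mpp` affects every remaining reference to `mp` in swap.c, not only the two lines shown; any use outside fetchswap() that this diff does not touch (for instance in the routine that displays the entries) would no longer compile, and any use inside fetchswap() now silently binds to the new local. Worth confirming that the file has no other `mp` users, or alternatively keeping the static as `mp` and giving the new local in fetchswap() a different name, so the change shrinks to the two lines at 157 and 160.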
144c144
< (mp = malloc(nswapmap * sizeof(*mp))) == NULL) {
---
> (mpp = malloc(nswapmap * sizeof(*mpp))) == NULL) {
156a157
> struct mapent *mp;
158c159,160
< s = nswapmap * sizeof(*mp);
---
> s = nswapmap * sizeof(*mpp);
> mp = mpp;
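Review bot: `mp = mpp;` at 160 restores the cursor before each read, which addresses the drift in the description, but the loop that advances `mp` still has no bound of its own. Since the buffer holds exactly `nswapmap` entries from initswap(), terminating the loop at `mpp + nswapmap` (and never advancing the base pointer `mpp` itself) would make an overrun impossible even if the read path or `nswapmap` changes later.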
P.s. I hope I sent this to the right pr-category. If not, please tell me
which one would have been appropriate, and whether I need to refile it there.
>Audit-Trail:
>Unformatted:
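The failure mode the description walks through (a buffer cursor that is only ever advanced, never reset) beside the shape of the fix, as an added C example that is neither the PR's code nor NetBSD's swap.c: `struct mapent` and its fields, `fake_kvm_read()` and `NSWAPMAP` are constructed stand-ins for the kernel map, kvm_read() and nswapmap.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the kernel swap map and for kvm_read(); the
 * struct and its fields are hypothetical, not NetBSD's real mapent. */
#define NSWAPMAP 8
struct mapent { long m_start; long m_size; };
static struct mapent kernel_map[NSWAPMAP];

static size_t fake_kvm_read(void *buf, size_t len) {
    if (len > sizeof kernel_map) len = sizeof kernel_map;
    memcpy(buf, kernel_map, len);
    return len;
}

static struct mapent *mpp;   /* the buffer, allocated once as in initswap() */
int initswap(void) {
    if ((mpp = malloc(NSWAPMAP * sizeof(*mpp))) == NULL) return -1;
    for (int i = 0; i < NSWAPMAP; i++)
        kernel_map[i] = (struct mapent){ i * 100, 10 };   /* constructed data */
    return 0;
}

/* Bug pattern from the PR: the walk advances the only pointer to the buffer
 * and nothing resets it, so the next call starts NSWAPMAP entries too far.
 * Returns that drift in entries; once it reaches NSWAPMAP the read would
 * overflow the malloc'd area, so it is refused rather than performed. */
long fetchswap_buggy(void) {
    static struct mapent *mp;
    if (mp == NULL) mp = mpp;
    long drift = mp - mpp;
    if (drift >= NSWAPMAP) return drift;      /* would be a heap overflow */
    fake_kvm_read(mp, NSWAPMAP * sizeof(*mp));
    for (int i = 0; i < NSWAPMAP; i++, mp++)
        ;                                     /* mp is never restored */
    return drift;
}

/* Fixed pattern: a local cursor starts at the buffer on every call and the
 * loop is bounded by the allocation; returns summed m_size, -1 on short read. */
long fetchswap_fixed(void) {
    struct mapent *mp = mpp, *end = mpp + NSWAPMAP;
    size_t s = NSWAPMAP * sizeof(*mpp);
    long total = 0;
    if (fake_kvm_read(mp, s) != s) return -1;
    for (; mp < end; mp++) total += mp->m_size;
    return total;
}
```

Calling `fetchswap_buggy()` twice shows the second call starting a full map past the buffer, which is the point at which the real program read garbage or crashed; `fetchswap_fixed()` returns the same total on every call.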