Subject: bin/3171: Bug in systat (swap-display)
To: None <gnats-bugs@gnats.netbsd.org>
From: Paul Boven <paul@wit387304.student.utwente.nl>
List: netbsd-bugs
Date: 01/31/1997 07:11:45
>Number:         3171
>Category:       bin
>Synopsis:       Bug in systat (swap-display)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 30 22:20:01 1997
>Last-Modified:
>Originator:     Paul Boven
>Organization:
----------------------------------------------------------------------
Paul Boven, <e.p.boven@student.utwente.nl>  PE1NUT  QRV 145.575 JO32KF
  Nothing would get done in the world, if we didn't have insomniacs.
           Or at least, nothing would get done at night. 
----------------------------------------------------------------------
>Release:        NetBSD-current 31 jan 1997
>Environment:
	
System: NetBSD wit387304.student.utwente.nl 1.2B NetBSD 1.2B (ELC) #4: Sat Jan 18 17:44:10 CET 1997 paul@wit387304.student.utwente.nl:/usr/src/sys/arch/sparc/compile/ELC sparc

>Description:
When running systat in the :swap display mode for an extended time, especially
during heavy VM usage, it will stop functioning with an error message
("cannot read swapmap: bad_addres") and/or terminate abnormally with a
segfault.

The cause of this: in swap.c, fetchswap(), the data from kvm_read are
copied into the memory area pointed to by mp (static struct mapent *mp),
which was previously malloced in initswap(). A few lines down, the value
of mp is incremented in a for-loop when processing the kvm_read data,
and never returned to its original value. mp keeps getting incremented,
and sooner or later runs out of its malloced area.
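A constructed C model of the pointer drift described above, added here as an example; it is not part of this PR or of systat's swap.c. The struct fields, the NSWAPMAP value and the kvm_read() stand-in are assumptions made for the demonstration; the buggy variant keeps the original shape (one static pointer used both as buffer base and as loop cursor) and the fixed variant uses the PR's shape (static start pointer plus a per-call local cursor):

```c
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for the kernel swap map entries that swap.c copies out with
 * kvm_read(); field names and the entry count are assumed for this example. */
struct mapent { long m_size; long m_addr; };
#define NSWAPMAP 4
static struct mapent kernel_map[NSWAPMAP] = {{1, 0}, {2, 0}, {3, 0}, {4, 0}};

static struct mapent *mp_buggy, *mp_buggy_base; /* original: static pointer doubles as the cursor */
static struct mapent *mpp;                       /* patched: static pointer only marks the buffer start */

/* stand-in for kvm_read(): copies the fake kernel map into dst */
static void fake_kvm_read(void *dst, size_t len)
{
    memcpy(dst, kernel_map, len > sizeof kernel_map ? sizeof kernel_map : len);
}

int initswap(void)
{
    mp_buggy = mp_buggy_base = malloc(NSWAPMAP * sizeof(*mp_buggy));
    mpp = malloc(NSWAPMAP * sizeof(*mpp));
    return mp_buggy != NULL && mpp != NULL;
}

/* Buggy shape: the read lands at the static cursor and the loop then advances that same
 * cursor without ever rewinding it. Returns the cursor's offset (in entries) from the
 * buffer start, or -1 when the next read would land outside the malloc'ed area, which
 * is where the real program reads garbage or segfaults. */
long fetchswap_buggy(void)
{
    long i, off = mp_buggy - mp_buggy_base;
    if (off + NSWAPMAP > NSWAPMAP)   /* guard added so the demo itself stays memory-safe */
        return -1;
    fake_kvm_read(mp_buggy, NSWAPMAP * sizeof(*mp_buggy));
    for (i = 0; i < NSWAPMAP; i++, mp_buggy++)
        (void)mp_buggy->m_size;      /* stand-in for the per-entry work */
    return mp_buggy - mp_buggy_base;
}

/* Patched shape: a local cursor initialised from mpp on every call, so each fetch
 * starts at the buffer's beginning. Returns the sum of m_size over the entries read. */
long fetchswap_fixed(void)
{
    struct mapent *mp = mpp;
    long i, total = 0;
    fake_kvm_read(mp, NSWAPMAP * sizeof(*mpp));
    for (i = 0; i < NSWAPMAP; i++, mp++)
        total += mp->m_size;
    return total;
}
```

With the buggy shape the very second fetch already wants to write past the end of the allocation; whether that shows up as the kvm_read error or as a segfault in the real program only depends on what happens to follow the buffer on the heap.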

>How-To-Repeat:
See description.

>Fix:
I renamed mp to mpp for the static pointer, and introduced a new pointer mp
into fetchswap. At the start of fetchswap() mp gets initialized to mpp, the
start of the buffer. 
diff-output: 
87c87
< static struct mapent *mp;
---
> static struct mapent *mpp;
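Review bot: renaming the static rather than keeping the old name and adding a local beside it is the safer of the two options here, because any remaining use of the old static `mp` elsewhere in swap.c that the later hunks do not cover now fails to compile instead of silently continuing to walk a drifting pointer; please confirm there is no such leftover (for example a free() on the buffer in a cleanup or closeswap path) before committing.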
144c144
< 	    (mp = malloc(nswapmap * sizeof(*mp))) == NULL) {
---
> 	    (mpp = malloc(nswapmap * sizeof(*mpp))) == NULL) {
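Review bot: the allocation size `nswapmap * sizeof(*mpp)` is computed without any bound on nswapmap; since that count is read out of the kernel rather than chosen by systat, a sanity check on it before this malloc would be worth adding, because an allocation smaller than what fetchswap() later walks would reproduce exactly the over-read this PR fixes, only from the other direction.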
156a157
> 	struct mapent *mp;
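Review bot: the new local `mp` is declared here uninitialised and only receives `mpp` in the following hunk, after the `s = ...` assignment; initialising it at the declaration (`struct mapent *mp = mpp;`) makes the per-call reset impossible to lose if the body of fetchswap() is reordered later and also removes the chance of the old "static cursor" pattern creeping back in through an early return.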
158c159,160
< 	s = nswapmap * sizeof(*mp);
---
> 	s = nswapmap * sizeof(*mpp);
> 	mp = mpp;
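Review bot: `mp = mpp;` is the actual fix for the drift described in the report, and `sizeof(*mpp)` keeps `s` tied to the allocation made in initswap(); what this hunk does not show is the for-loop that advances `mp`, which should be bounded by the same nswapmap used for the malloc (i.e. by `s`) and not by anything found in the data itself, otherwise a later change to the buffer size, or a kvm_read() that returns fewer than `s` bytes, could walk the cursor past the buffer again even with the reset in place.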

P.s. I hope I sent this to the right pr-category. If not, please tell me
which one would have been appropriate, and whether I need to refile it there.
>Audit-Trail:
>Unformatted: