top(1) segfaults if terminal window is too short

To: netbsd-users%netbsd.org@localhost
Subject: top(1) segfaults if terminal window is too short
From: "Stathis Kamperis" <ekamperi%gmail.com@localhost>
Date: Fri, 12 Dec 2008 19:10:49 +0200

Greetings people.

The following apply to netbsd-5 ( can anyone please test -current also? )

top(1) segfaults if the terminal from which it is invoked has a height of
less than 6 lines of height.

[stathis@netbsd ~] top
Segmentation fault (core dumped)

If it has exactly 6 lines of height it dies with the following error:
[stathis@netbsd ~] top
top: can't allocate sufficient memory

If it is 7 lines of height or more it works ok.
Here is the backtrace I got:

[stathis@netbsd /usr/src/external/bsd/top/dist] gdb ./top
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
---Type <return> to continue, or q <return> to quit---
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
---Type <return> to continue, or q <return> to quit---
This GDB was configured as "i386--netbsdelf"...
(gdb) r
Starting program: /usr/src/external/bsd/top/dist/top

Program received signal SIGSEGV, Segmentation fault.
summary_format (x=-1, y=-1, numbers=0x8055ac0, names=0x0, cidx=0x0) at
display.c:540
540         while ((thisname = *names++) != NULL)
(gdb) bt
#0  summary_format (x=-1, y=-1, numbers=0x8055ac0, names=0x0,
cidx=0x0) at display.c:540
#1  0x0804cf3b in i_procstates (total=48, brkdn=0x8055ac0, threads=0)
at display.c:1093
#2  0x0804e7c8 in do_display (gstate=0xbb901080) at top.c:547
#3  0x0804f3d6 in main (argc=1, argv=0xbfbfe858) at top.c:972
(gdb)

It seems as a null pointer dereference sorf of problem, since names=0x0 and then
the while loop does *names++.

I looked at the source and i_procstates() does this:

        /* format and print the process state summary */
        summary_format(-1, -1, brkdn, procstate_names, NULL);

At this particular point the `procstate_names' equals NULL and it is
passed to summary_format()
which attempts to dereference it. The problem is that the
`procstate_names' is a global variable,
and well I can track easily how it changes across the code.

Best regards,
Stathis Kamperis

Follow-Ups:
- Re: top(1) segfaults if terminal window is too short
  - From: Christos Zoulas
- Re: top(1) segfaults if terminal window is too short
  - From: Stathis Kamperis

Prev by Date: Re: Partition problems when using 'restore'
Next by Date: Re: top(1) segfaults if terminal window is too short
Previous by Thread: Partition problems when using 'restore'
Next by Thread: Re: top(1) segfaults if terminal window is too short
Indexes:

Home | Main Index | Thread Index | Old Index