NetBSD-Users archive


Re: top(1) segfaults if terminal window is too short



In article 
<2218b9af0812120910p50c6ad40yf5f78cfef04acdfd%mail.gmail.com@localhost>,
Stathis Kamperis <ekamperi%gmail.com@localhost> wrote:
>Greetings people.
>
>The following apply to netbsd-5 ( can anyone please test -current also? )
>
>top(1) segfaults if the terminal from which it is invoked has a height of
>less than 6 lines of height.
>
>[stathis@netbsd ~] top
>Segmentation fault (core dumped)
>
>If it has exactly 6 lines of height it dies with the following error:
>[stathis@netbsd ~] top
>top: can't allocate sufficient memory
>
>If it is 7 lines of height or more it works ok.
>Here is the backtrace I got:
>
>[stathis@netbsd /usr/src/external/bsd/top/dist] gdb ./top
>GNU gdb 6.5
>Copyright (C) 2006 Free Software Foundation, Inc.
>GDB is free software, covered by the GNU General Public License, and you are
>---Type <return> to continue, or q <return> to quit---
>welcome to change it and/or distribute copies of it under certain conditions.
>Type "show copying" to see the conditions.
>There is absolutely no warranty for GDB.  Type "show warranty" for details.
>---Type <return> to continue, or q <return> to quit---
>This GDB was configured as "i386--netbsdelf"...
>(gdb) r
>Starting program: /usr/src/external/bsd/top/dist/top
>
>Program received signal SIGSEGV, Segmentation fault.
>summary_format (x=-1, y=-1, numbers=0x8055ac0, names=0x0, cidx=0x0) at
>display.c:540
>540         while ((thisname = *names++) != NULL)
>(gdb) bt
>#0  summary_format (x=-1, y=-1, numbers=0x8055ac0, names=0x0,
>cidx=0x0) at display.c:540
>#1  0x0804cf3b in i_procstates (total=48, brkdn=0x8055ac0, threads=0)
>at display.c:1093
>#2  0x0804e7c8 in do_display (gstate=0xbb901080) at top.c:547
>#3  0x0804f3d6 in main (argc=1, argv=0xbfbfe858) at top.c:972
>(gdb)
>
>It seems as a null pointer dereference sort of problem, since names=0x0 and then
>the while loop does *names++.
>
>I looked at the source and i_procstates() does this:
>
>        /* format and print the process state summary */
>        summary_format(-1, -1, brkdn, procstate_names, NULL);
>
>At this particular point the `procstate_names' equals NULL and it is
>passed to summary_format()
>which attempts to dereference it. The problem is that the
>`procstate_names' is a global variable,
>and well I can track easily how it changes across the code.

Fixed in head.

christos
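
The failure mode analysed in the quoted report, as an added example that is not part of the original thread and is not the change committed to NetBSD head (the page does not show that change): a formatter in the style of summary_format() that rejects a NULL names array instead of reaching `*names++`. The name summary_format_checked, its buffer-based signature and the sample state names used to exercise it are assumptions for illustration.

```c
/* Added illustration; not the top(1) source. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Format "N name" pairs, comma separated, into buf, skipping zero counts.
 * names is a NULL-terminated array that runs parallel to numbers.
 * Returns the number of bytes written, or -1 if an argument is missing
 * or buf is too small for the full summary.
 */
int
summary_format_checked(char *buf, size_t len, const int *numbers,
    const char *const *names)
{
	size_t used = 0;
	const char *thisname;

	/*
	 * The crash in the report: a global name table that was still NULL
	 * was passed in and the loop below dereferenced it. Refuse here.
	 */
	if (buf == NULL || len == 0 || numbers == NULL || names == NULL)
		return -1;
	buf[0] = '\0';

	while ((thisname = *names++) != NULL) {
		int num = *numbers++;
		int n;

		if (num <= 0)
			continue;	/* nothing to show for this state */
		n = snprintf(buf + used, len - used, "%s%d %s",
		    used ? ", " : "", num, thisname);
		if (n < 0 || (size_t)n >= len - used)
			return -1;	/* would truncate: report, never overrun */
		used += (size_t)n;
	}
	return (int)used;
}
```

A caller that gets -1 can skip the summary line for that refresh or exit with a diagnostic, which is the behaviour the report already sees at exactly 6 lines.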


