Skip to content

Fix crash when system reports huge load averages#100

Merged
Atoptool merged 1 commit intoAtoptool:masterfrom
zlandau:loadavg_crash
Feb 22, 2020
Merged

Fix crash when system reports huge load averages#100
Atoptool merged 1 commit intoAtoptool:masterfrom
zlandau:loadavg_crash

Conversation

@zlandau
Copy link
Contributor

@zlandau zlandau commented Feb 16, 2020
edited
Loading

The load average reporting functions in showsys.c use static buffer
sizes. When the load averages on a machine are very large, this causes
the writes to extend past the buffer. With this commit, if a number is
too large then we just show '>NNNNNN'. I'm not sure if this is the best
choice, so I'm open to other ideas.

This is what the output looks like when we exceed the maximums:

CPL | avg1 >999999 | avg5 >999999 | avg15 >99999 | csw 103117e3 | intr 88296e3 |
Note that this was triggered from a kernel that is reporting clearly
inaccurate numbers:

$ cat /proc/loadavg
1.25 2.40 368567045.47 1/589 53576

But regardless, crashing is no fun.

For future reference, I narrowed down the issue by building with
-fsanitize=address. For example:

  ==55396==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55c527d6f14f at pc 0x7f4729942df9 bp 0x7ffe1fd30710 sp 0x7ffe1fd2fea0
  WRITE of size 10 at 0x55c527d6f14f thread T0
      # 0 0x7f4729942df8 in __interceptor_vsprintf /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1627
      # 1 0x7f47299432cf in __interceptor_sprintf /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1670
      # 2 0x55c527d1c167 in sysprt_CPLAVG15 (/home/kapheine/projects/atop/atop+0x74167)
      # 3 0x55c527d2087a in showsysline (/home/kapheine/projects/atop/atop+0x7887a)
      # 4 0x55c527d1471f in prisyst (/home/kapheine/projects/atop/atop+0x6c71f)
      # 5 0x55c527d090ff in generic_samp (/home/kapheine/projects/atop/atop+0x610ff)
      # 6 0x55c527ce17c9 in main (/home/kapheine/projects/atop/atop+0x397c9)
      # 7 0x7f472952a022 in __libc_start_main (/usr/lib/libc.so.6+0x27022)
      # 8 0x55c527ce266d in _start (/home/kapheine/projects/atop/atop+0x3a66d)

  0x55c527d6f14f is located 49 bytes to the left of global variable 'buf' defined in 'showsys.c:981:54' (0x55c527d6f180) of size 15
  0x55c527d6f14f is located 0 bytes to the right of global variable 'buf' defined in 'showsys.c:1000:54' (0x55c527d6f140) of size 15

@zlandau
Fix crash when system reports huge load averages
f202a31 
The load average reporting functions in showsys.c use static buffer
sizes. When the load averages on a machine are very large, this causes
the writes to extend past the buffer. With this commit, if a number is
too large then we just show '>NNNNNN'. I'm not sure if this is the best
choice, so I'm open to other ideas.

This is what the output looks like when we exceed the maximums:

  CPL | avg1 >999999 | avg5 >999999 | avg15 >99999 | csw 103117e3 | intr 88296e3 |

Note that this was triggered from a kernel that is reporting clearly
inaccurate numbers:

  $ cat /proc/loadavg
  1.25 2.40 368567045.47 1/589 53576

But regardless, crashing is no fun.

For future reference, I narrowed down the issue by building with
-fsanitize=address. For example:

  ==55396==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55c527d6f14f at pc 0x7f4729942df9 bp 0x7ffe1fd30710 sp 0x7ffe1fd2fea0
  WRITE of size 10 at 0x55c527d6f14f thread T0
      #0 0x7f4729942df8 in __interceptor_vsprintf /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1627
      Atoptool#1 0x7f47299432cf in __interceptor_sprintf /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1670
      Atoptool#2 0x55c527d1c167 in sysprt_CPLAVG15 (/home/kapheine/projects/atop/atop+0x74167)
      Atoptool#3 0x55c527d2087a in showsysline (/home/kapheine/projects/atop/atop+0x7887a)
      Atoptool#4 0x55c527d1471f in prisyst (/home/kapheine/projects/atop/atop+0x6c71f)
      Atoptool#5 0x55c527d090ff in generic_samp (/home/kapheine/projects/atop/atop+0x610ff)
      Atoptool#6 0x55c527ce17c9 in main (/home/kapheine/projects/atop/atop+0x397c9)
      Atoptool#7 0x7f472952a022 in __libc_start_main (/usr/lib/libc.so.6+0x27022)
      Atoptool#8 0x55c527ce266d in _start (/home/kapheine/projects/atop/atop+0x3a66d)

  0x55c527d6f14f is located 49 bytes to the left of global variable 'buf' defined in 'showsys.c:981:54' (0x55c527d6f180) of size 15
  0x55c527d6f14f is located 0 bytes to the right of global variable 'buf' defined in 'showsys.c:1000:54' (0x55c527d6f140) of size 15
@Atoptool Atoptool merged commit bc2e412 into Atoptool:master Feb 22, 2020
@Atoptool
Copy link
Owner

Atoptool commented Feb 22, 2020

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zlandau @Atoptool