Bug#704127: unblock: procps/3.3.3-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package procps
ps crashes when processes have larger than normal groups, essentially
it is because the /proc/PID/status file is larger than 1024 bytes. This
is NOT a buffer overflow but the parser gets all sad because it runs out
of things to parse.
The fix is a rather simple bump up the buffer from 1024 to 4096.
This fixes bug #702965 which is merged with another.
We (upstream) have a permanent fix in later versions that is much more
intrusive.
Strictly speaking, the bug is in libproc0 not procps, it is just that
the binary ps crashes because of it.
unblock procps/3.3.3-3
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru procps-3.3.3/debian/changelog procps-3.3.3/debian/changelog
--- procps-3.3.3/debian/changelog 2012-06-17 18:06:28.000000000 +1000
+++ procps-3.3.3/debian/changelog 2013-03-28 21:14:02.000000000 +1100
@@ -1,3 +1,9 @@
+procps (1:3.3.3-3) UNRELEASED; urgency=low
+
+ * 3.3.3-3 Fix ps crash with large process groups Closes: #702965
+
+ -- Craig Small <csmall@debian.org> Thu, 28 Mar 2013 21:03:15 +1100
+
procps (1:3.3.3-2) unstable; urgency=low
* Fixes for kFreeBSD Closes: #674785
diff -Nru procps-3.3.3/debian/patches/bts702965-biggerbuff procps-3.3.3/debian/patches/bts702965-biggerbuff
--- procps-3.3.3/debian/patches/bts702965-biggerbuff 1970-01-01 10:00:00.000000000 +1000
+++ procps-3.3.3/debian/patches/bts702965-biggerbuff 2013-03-28 21:17:28.000000000 +1100
@@ -0,0 +1,47 @@
+Description: ps: allow large list of groups
+ ps crashes when the information exceeds 1024 bytes in files such as
+ /proc/PID/status.
+Origin: https://www.gitorious.org/procps/procps/commit/7933435584aa1fd75460f4c7715a3d4855d97c1c
+Author: Eric Dumazet <eric.dumazet@gmail.com>
+Reviewed-by: Craig Small <csmall@debian.org>
+Bug-Debian: http://bugs.debian.org/702965
+--- a/proc/readproc.c
++++ b/proc/readproc.c
+@@ -353,7 +353,9 @@
+ P->vm_swap = strtol(S,&S,10);
+ continue;
+ case_Groups:
+- { int j = strchr(S, '\n') - S; // currently lines end space + \n
++ { char *nl = strchr(S, '\n');
++ int j = nl ? (nl - S) : strlen(S);
++
+ if (j) {
+ P->supgid = xmalloc(j+1); // +1 in case space disappears
+ memcpy(P->supgid, S, j);
+@@ -723,7 +725,7 @@
+ // room to spare.
+ static proc_t* simple_readproc(PROCTAB *restrict const PT, proc_t *restrict const p) {
+ static struct stat sb; // stat() buffer
+- static char sbuf[1024]; // buffer for stat,statm,status
++ static char sbuf[4096]; // buffer for stat,statm,status
+ char *restrict const path = PT->path;
+ unsigned flags = PT->flags;
+
+@@ -827,7 +829,7 @@
+ // path is a path to the task, with some room to spare.
+ static proc_t* simple_readtask(PROCTAB *restrict const PT, const proc_t *restrict const p, proc_t *restrict const t, char *restrict const path) {
+ static struct stat sb; // stat() buffer
+- static char sbuf[1024]; // buffer for stat,statm,status
++ static char sbuf[4096]; // buffer for stat,statm,status
+ unsigned flags = PT->flags;
+
+ if (unlikely(stat(path, &sb) == -1)) /* no such dirent (anymore) */
+@@ -1368,7 +1370,7 @@
+ * and filled out proc_t structure.
+ */
+ proc_t * get_proc_stats(pid_t pid, proc_t *p) {
+- static char path[32], sbuf[1024];
++ static char path[32], sbuf[4096];
+ struct stat statbuf;
+
+ sprintf(path, "/proc/%d", pid);
diff -Nru procps-3.3.3/debian/patches/series procps-3.3.3/debian/patches/series
--- procps-3.3.3/debian/patches/series 2012-06-17 18:00:06.000000000 +1000
+++ procps-3.3.3/debian/patches/series 2013-03-28 21:14:25.000000000 +1100
@@ -2,3 +2,4 @@
bts676239-pkill-u-option
watch_8bit
uptime_test
+bts702965-biggerbuff
Reply to: