Buffer overflow in pctcpu
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libproc-processtable-perl (Debian) | Fix Released | Unknown | |
libproc-processtable-perl (Ubuntu) | Fix Released | Medium | Unassigned |
Bug Description
With long-running jobs on a multi-cpu machine (>10 logical CPUs), the percent CPU utilization of a process can exceed 1000%, causing a buffer overflow in pctcpu.
Here is /proc/<pid>/stat for a process that produces the overflow:
# cat /proc/23427/stat
23427 (sdevice) S 16424 23427 16424 34816 23427 4202496 3854777420 3716 11765 0 179490227 1688781 0 0 20 0 44 0 155125884 173169319936 30671991 184467440737095
And, here's the backtrace if I compile with debugging symbols and run in gdb:
#0 0x00007ffff76d5425 in raise () from /lib/x86_
#1 0x00007ffff76d8b8b in abort () from /lib/x86_
#2 0x00007ffff771339e in ?? () from /lib/x86_
#3 0x00007ffff77a9807 in __fortify_fail ()
from /lib/x86_
#4 0x00007ffff77a8700 in __chk_fail () from /lib/x86_
#5 0x00007ffff77a7b69 in ?? () from /lib/x86_
#6 0x00007ffff76eefcb in __printf_fp () from /lib/x86_
#7 0x00007ffff76ea5b8 in vfprintf () from /lib/x86_
#8 0x00007ffff77a7c04 in __vsprintf_chk ()
from /lib/x86_
#9 0x00007ffff77a7b4d in __sprintf_chk () from /lib/x86_
#10 0x00007ffff6473297 in sprintf (__s=0x7dc4f8 "1051.1",
__fmt=
at /usr/include/
#11 calc_prec (prs=0x7dc410,
format_
mem_
#12 OS_get_table () at OS.c:651
#13 0x00007ffff6474ab8 in XS_Proc_
my_
#14 0x00007ffff7b1384f in Perl_pp_entersub () from /usr/lib/
#15 0x00007ffff7b0ace6 in Perl_runops_
#16 0x00007ffff7aac36a in perl_run () from /usr/lib/
#17 0x0000000000400db9 in main ()
I have reported this at https:/
Changed in libproc-processtable-perl (Debian):
status: Unknown → Confirmed
Changed in libproc-processtable-perl (Debian):
status: Confirmed → Fix Released
Here is the debdiff to fix this for up to 99 cpus. This is obviously a short-term fix since this case is probably not too far away (we have several 24-cpu machines). Probably better to make this dynamic or at least use snprintf() to avoid buffer overflows.
Let me know if you need more info about the problem or my patch.
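The snprintf() approach suggested in the comment above, as an added example that is not code from libproc-processtable-perl or from the debdiff. It assumes a 6-byte field and a one-decimal format, chosen to match the "1051.1" string in the backtrace; `PCTCPU_LEN`, `PCTCPU_FMT` and both function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: a 6-byte field, enough for "999.9" plus the NUL. */
#define PCTCPU_LEN 6
/* Assumption: one decimal place, matching "1051.1" in the backtrace. */
#define PCTCPU_FMT "%.1f"

/* Bytes, including the NUL, that an unbounded sprintf() would write. */
static int pctcpu_bytes_needed(double pct)
{
    int n = snprintf(NULL, 0, PCTCPU_FMT, pct);
    return n < 0 ? -1 : n + 1;
}

/* Bounded formatter. Returns 0 on success. Returns -1 and leaves an empty
 * string when the value does not fit, because a truncated "1051." would
 * read as a valid but wrong percentage. */
static int format_pctcpu(char *dst, size_t dstlen, double pct)
{
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;
    n = snprintf(dst, dstlen, PCTCPU_FMT, pct);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: a fitting value, a value that rounds up to
     * "1000.0", and the value seen in the backtrace. */
    const double samples[] = { 999.9, 999.96, 1051.1 };
    char field[PCTCPU_LEN];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = format_pctcpu(field, sizeof field, samples[i]);
        printf("%.2f: needs %d bytes, rc=%d, field=\"%s\"\n",
               samples[i], pctcpu_bytes_needed(samples[i]), rc, field);
    }
    return 0;
}
```

Checking the return value matters as much as the bound: snprintf() alone stops the overflow but would leave a silently truncated number in the field.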