Comment 8 for bug 19277

Thomas Dickey (dickey) wrote: Re: Bug#256376: clone

On Mon, Aug 22, 2005 at 10:45:43AM +1000, Craig Small wrote:
> On Fri, Aug 19, 2005 at 05:44:48PM -0400, Thomas Dickey wrote:
> > On Fri, Aug 19, 2005 at 08:10:07PM +0200, Justin Pryzby wrote:
> > > clone 256376 -1
> > > reassign -1 xterm
> > > retitle -1 xterm: top in a super-small xterm crashes them both
> > > thanks
> >
> > if you don't identify the version of xterm, I can only guess
> > that you're talking about this, which was fixed in patch #201
> > (and has been reported on this list 2-3 times since then):
> >
> > add a limit check for scrolling margins in a one-line screen,
> > overlooked in fixes for patch #198 (Debian #297430).
> Thomas could you do me (procps maintainer) a favour and run top on
> a "super-small" (think it is 3 columns or less) of a known fixed xterm
> and tell me if top dies?

I didn't see it die, but running it with valgrind, and resizing xterm (#202)
several times, valgrind does report problems with top, e.g.,

==6004== at 0x804ADD0: (within /usr/bin/top)
==6004== Address 0x1BACBCC0 is 0 bytes after a block of size 240 alloc'd
==6004== at 0x1B90506F: realloc (vg_replace_malloc.c:196)
==6004== by 0x804B40F: (within /usr/bin/top)
==6004== by 0x1B9A7E35: __libc_start_main (libc-start.c:242)
==6004== by 0x8049800: (within /usr/bin/top)
==6004==
==6004== Invalid write of size 1
==6004== at 0x1B905B97: memcpy (mac_replace_strmem.c:298)
==6004== by 0x804ADF1: (within /usr/bin/top)
==6004== Address 0x1BACBCC0 is 0 bytes after a block of size 240 alloc'd
==6004== at 0x1B90506F: realloc (vg_replace_malloc.c:196)
==6004== by 0x804B40F: (within /usr/bin/top)
==6004== by 0x1B9A7E35: __libc_start_main (libc-start.c:242)
==6004== by 0x8049800: (within /usr/bin/top)
==6004==
==6004== Invalid write of size 1
==6004== at 0x1B905B9E: memcpy (mac_replace_strmem.c:299)
==6004== by 0x804ADF1: (within /usr/bin/top)
==6004== Address 0x1BACBCC1 is 1 bytes after a block of size 240 alloc'd
==6004== at 0x1B90506F: realloc (vg_replace_malloc.c:196)
==6004== by 0x804B40F: (within /usr/bin/top)
==6004== by 0x1B9A7E35: __libc_start_main (libc-start.c:242)
==6004== by 0x8049800: (within /usr/bin/top)

> I'm trying to see if it is/was a top problem, a xterm problem, a library
> (eg ncurses) problem or some combination.

I'm thinking it's top, since it's a termcap application - running strings on
the executable shows me that. If it used initscr/newterm, it's still possible
to abuse ncurses' resizeterm, but something for me to verify.

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
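
The valgrind trace in the message above shows memcpy writing 0 and 1 bytes past a 240-byte block obtained from realloc. The C sketch below is an added illustration of that defect class and of a bounds-checked alternative; it is not code from top, procps, xterm or ncurses, and `struct rowbuf`, `rowbuf_resize`, `rowbuf_put`, `overrun_bytes` and `MAX_COLS` are hypothetical names. It assumes a per-row buffer that is resized from the terminal width on every window-size change.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_COLS 4096            /* hypothetical upper bound on terminal width */

/* Hypothetical row buffer, resized whenever the terminal size changes. */
struct rowbuf {
    char  *data;
    size_t cap;                  /* bytes allocated, including the NUL */
};

/* Bytes an unchecked memcpy(data + off, src, len) would place past a block
 * of `cap` bytes. Pure arithmetic: nothing is written. */
size_t overrun_bytes(size_t cap, size_t off, size_t len)
{
    if (off >= cap)
        return len;
    return (len > cap - off) ? len - (cap - off) : 0;
}

/* Resize for `cols` columns. The width reported by the terminal is clamped,
 * so a tiny or zero-sized window still yields a usable buffer.
 * Returns 0 on success, -1 if realloc fails (old block stays valid). */
int rowbuf_resize(struct rowbuf *rb, int cols)
{
    if (cols < 1) cols = 1;
    if (cols > MAX_COLS) cols = MAX_COLS;
    size_t need = (size_t)cols + 1;
    char *p = realloc(rb->data, need);
    if (p == NULL)
        return -1;
    rb->data = p;
    rb->cap = need;
    return 0;
}

/* Copy at most what fits at offset `off`, always NUL-terminating.
 * Returns the number of bytes actually stored. */
size_t rowbuf_put(struct rowbuf *rb, size_t off, const char *src, size_t len)
{
    if (rb->data == NULL || rb->cap == 0 || off >= rb->cap - 1)
        return 0;
    size_t room = rb->cap - 1 - off;
    if (len > room)
        len = room;
    memcpy(rb->data + off, src, len);
    rb->data[off + len] = '\0';
    return len;
}
```

With a constructed 240-byte block, an unchecked 4-byte copy at offset 238 lands two bytes past the end, the same shape as the two "Invalid write of size 1" records; `rowbuf_put` truncates the copy instead.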