Bug#696874: libproc-processtable-perl: Buffer overflow in pctcpu

Salvatore Bonaccorso carnil at debian.org
Fri Dec 28 15:51:52 UTC 2012


Package: libproc-processtable-perl
Version: 0.45-1
Control: forwarded -1 https://rt.cpan.org/Public/Bug/Display.html?id=82175

The following bug was reported in Ubuntu against
libproc-processtable-perl:

----- Forwarded message from "Matthew L. Dailey" <matthew.l.dailey at dartmouth.edu> -----

Date: Sun, 23 Dec 2012 15:56:11 -0000
From: "Matthew L. Dailey" <matthew.l.dailey at dartmouth.edu>
To: pkg-perl-maintainers at lists.launchpad.net
Subject: [Pkg-perl-maintainers] [Bug 1093289] [NEW] Buffer overflow in pctcpu
Reply-To: Bug 1093289 <1093289 at bugs.launchpad.net>

Public bug reported:

With long-running jobs on a multi-cpu machine (>10 logical CPUs), the
percent CPU utilization of a process can exceed 1000%, causing a buffer
overflow in pctcpu.

Here is /proc/<pid>/stat for a process that produces the overflow:
# cat /proc/23427/stat
23427 (sdevice) S 16424 23427 16424 34816 23427 4202496 3854777420 3716 11765 0 179490227 1688781 0 0 20 0 44 0 155125884 173169319936 30671991 18446744073709551615 4194304 190125333 140736691917600 140736691909504 47611949540385 0 8192 0 640 18446744073709551615 0 0 17 15 0 0 1540 0 0

And, here's the backtrace if I compile with debugging symbols and run in gdb:
#0  0x00007ffff76d5425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff76d8b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007ffff771339e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007ffff77a9807 in __fortify_fail ()
   from /lib/x86_64-linux-gnu/libc.so.6
#4  0x00007ffff77a8700 in __chk_fail () from /lib/x86_64-linux-gnu/libc.so.6
#5  0x00007ffff77a7b69 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#6  0x00007ffff76eefcb in __printf_fp () from /lib/x86_64-linux-gnu/libc.so.6
#7  0x00007ffff76ea5b8 in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
#8  0x00007ffff77a7c04 in __vsprintf_chk ()
   from /lib/x86_64-linux-gnu/libc.so.6
#9  0x00007ffff77a7b4d in __sprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6
#10 0x00007ffff6473297 in sprintf (__s=0x7dc4f8 "1051.1", 
    __fmt=0x7ffff6474f9d "%3.2f")
    at /usr/include/x86_64-linux-gnu/bits/stdio2.h:34
#11 calc_prec (prs=0x7dc410, 
    format_str=0x7dc510 "iiisiiiillllljjjjijllljjsiiiiiiSSsSS", 
    mem_pool=<optimized out>) at OS.c:542
#12 OS_get_table () at OS.c:651
#13 0x00007ffff6474ab8 in XS_Proc__ProcessTable_table (
    my_perl=<optimized out>, cv=<optimized out>) at ProcessTable.xs:353
#14 0x00007ffff7b1384f in Perl_pp_entersub () from /usr/lib/libperl.so.5.14
#15 0x00007ffff7b0ace6 in Perl_runops_standard () from /usr/lib/libperl.so.5.14
#16 0x00007ffff7aac36a in perl_run () from /usr/lib/libperl.so.5.14
#17 0x0000000000400db9 in main ()

I have reported this at
https://rt.cpan.org/Public/Bug/Display.html?id=82175 and will put
together a debdiff against 0.45-3 with my patch.

** Affects: libproc-processtable-perl (Ubuntu)
     Importance: Undecided
         Status: New

----- End forwarded message -----

Regards,
Salvatore
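
The overflow mechanism in the forwarded report, as an added example that is not part of the original message and is not code from Proc::ProcessTable: the 3 in "%3.2f" is a minimum field width, so a value of 1000 or more emits a seventh character. The names format_pctcpu, pctcpu_chars_needed and PCTCPU_LEN are hypothetical, and the 7-byte field size is an assumption (the real buffer size in OS.c is not shown here).

```c
#include <stdio.h>
#include <string.h>

/* Assumption: a 7-byte field, sized for "999.99" plus the NUL.
   The real size of the pctcpu buffer in OS.c is not shown on this page. */
#define PCTCPU_LEN 7

/* Characters "%3.2f" produces for pct, excluding the NUL.
   The 3 is a minimum field width, so it never caps the output. */
int pctcpu_chars_needed(double pct)
{
    return snprintf(NULL, 0, "%3.2f", pct);
}

/* Bounded replacement for the unbounded call seen in the backtrace:
       sprintf(dst, "%3.2f", pct);
   Returns 0 on success, -1 if the value did not fit; dst then holds a
   truncated, NUL-terminated string instead of overrunning the field. */
int format_pctcpu(char *dst, size_t dstlen, double pct)
{
    int n = snprintf(dst, dstlen, "%3.2f", pct);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the report. */
    const double samples[] = { 3.5, 999.99, 1051.17 };
    char field[PCTCPU_LEN];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int need = pctcpu_chars_needed(samples[i]);
        int rc = format_pctcpu(field, sizeof field, samples[i]);
        printf("%8.2f needs %d+1 bytes, stored \"%s\" (%s)\n",
               samples[i], need, field, rc == 0 ? "ok" : "truncated");
    }
    return 0;
}
```

Checking the return value of snprintf against the buffer size is what turns a silent truncation into a detectable condition; a caller can then clamp the value or widen the field.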