Re: Abort in "kmem -i" command

----- Original Message -----
> Hi Dave,
> 
> I'm faced with abort in "kmem -i" command with some vmcores
> and looking into it, but I haven't found the cause so far.
> Could you possibly take a look at this issue?
> 
> I attached the abort log. I can send you the core and vmcore.
> 
> Depending on execution, the occurrences vary.
> 
> * abort, <segmentation violation in gdb>, or no problem
> * If not reproduced with interactive "crash> kmem -i", you may
>   reproduce it with "echo 'kmem -i' | crash vmlinux vmcore".
> * observed in "kmem -V" and "kmem -z" as well
> * also observed on i686 with kernel 4.14 vmcore
> * latest crash (1926150e)
> 
> Thanks,
> Kazu

Hi Kazu,

I'm not clear on why it always generates the SIGSEGV when the kmem
command is piped directly into crash, whereas it rarely happens when
running the command interactively.

But anyway, as it turns out, there is a 1-byte buffer overflow in 
vm_stat_init() that has always been there.

Can you try the attached patch?

Thanks,
  Dave
diff --git a/memory.c b/memory.c
index 2f568d5..5c0a853 100644
--- a/memory.c
+++ b/memory.c
@@ -17498,13 +17498,12 @@ vm_stat_init(void)
 			STREQ(arglist[0], "NR_VM_ZONE_STAT_ITEMS")) {
 			continue;
 		} else {
-			stringlen += strlen(arglist[0]);
+			stringlen += strlen(arglist[0]) + 1;
 			count++;
 		}
         }
 
-	total = stringlen + vt->nr_vm_stat_items + 
-		(sizeof(void *) * vt->nr_vm_stat_items);
+	total = stringlen + (sizeof(void *) * vt->nr_vm_stat_items);
         if (!(vt->vm_stat_items = (char **)malloc(total))) {
 		close_tmpfile();
                 error(FATAL, "cannot malloc vm_stat_items cache\n");
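Review bot: the new `total` is built from two different counts. The string bytes (now one NUL per entry) are accumulated only for entries that reach the `count++` branch, while the pointer table is still sized as `sizeof(void *) * vt->nr_vm_stat_items`. If `count` and `vt->nr_vm_stat_items` can ever differ (the loop skips some lines with `continue`), one of the two terms is still wrong; either size both terms from `count`, or add a guard before the malloc such as `if (count != vt->nr_vm_stat_items) error(FATAL, "vm_stat_items count mismatch\n");`. The hunk also does not show the loop that copies the names into the block, so a reviewer cannot confirm it writes exactly `strlen(name) + 1` bytes per entry; a check after that copy that the write pointer has not passed `(char *)vt->vm_stat_items + total` would make this 1-byte overflow hard to reintroduce.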
--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility
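The arithmetic in the patch above sizes one allocation that holds a pointer table followed by the NUL-terminated names (that layout is inferred from the `char **` cast and the `sizeof(void *) * vt->nr_vm_stat_items` term; it is an assumption here, not something the thread states). The following is an added example, not code from crash or from this thread, showing the same packing with the size computed and checked from the same list before anything is copied, and what the size comes to when the terminators are left out. The names are a constructed sample, not gdb output.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample input (not real gdb output): enum member names of the
 * kind vm_stat_init() collects. */
static const char *sample_names[] = {
    "NR_FREE_PAGES",
    "NR_ZONE_INACTIVE_ANON",
    "NR_ZONE_ACTIVE_ANON",
    "NR_MLOCK",
};
#define SAMPLE_COUNT (sizeof sample_names / sizeof sample_names[0])

/* Bytes for one block holding n pointers followed by n strings.
 * count_terminators == 0 reproduces accounting that forgets the NUL per
 * entry: the result is exactly n bytes too small for the copy below. */
size_t pack_size(const char **names, size_t n, int count_terminators)
{
    size_t stringlen = 0;
    for (size_t i = 0; i < n; i++)
        stringlen += strlen(names[i]) + (count_terminators ? 1 : 0);
    return sizeof(char *) * n + stringlen;
}

/* Allocate `total` bytes and pack the table into it. Returns NULL without
 * allocating if the copy would run past `total`, so a wrong size computed
 * by the caller is caught before the first memcpy rather than by a crash
 * later in an unrelated command. */
char **pack_names(const char **names, size_t n, size_t total)
{
    if (total < pack_size(names, n, 1))
        return NULL;                        /* would overflow: refuse */
    char **table = malloc(total);
    if (!table)
        return NULL;
    char *p = (char *)(table + n);          /* strings follow the pointers */
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(names[i]) + 1;  /* +1: the NUL terminator */
        memcpy(p, names[i], len);
        table[i] = p;
        p += len;
    }
    return table;
}

int main(void)
{
    size_t short_total = pack_size(sample_names, SAMPLE_COUNT, 0);
    size_t right_total = pack_size(sample_names, SAMPLE_COUNT, 1);
    printf("without NULs: %zu bytes, with NULs: %zu bytes\n",
           short_total, right_total);

    char **t = pack_names(sample_names, SAMPLE_COUNT, short_total);
    printf("undersized allocation accepted? %s\n", t ? "yes" : "no");

    t = pack_names(sample_names, SAMPLE_COUNT, right_total);
    for (size_t i = 0; t && i < SAMPLE_COUNT; i++)
        printf("  [%zu] %s\n", i, t[i]);
    free(t);
    return 0;
}
```

The point of routing both the size and the copy through the same list is that the two cannot drift apart the way a separately maintained item count can; the pre-copy check in `pack_names` is the cheap place to fail loudly if they ever do.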
