Bug#696874: marked as done (libproc-processtable-perl: Buffer overflow in pctcpu)

Debian Bug Tracking System Fri, 28 Dec 2012 10:21:16 -0800

Your message dated Fri, 28 Dec 2012 18:17:33 +0000
with message-id <[email protected]>
and subject line Bug#696874: fixed in libproc-processtable-perl 0.45-4
has caused the Debian Bug report #696874,
regarding libproc-processtable-perl: Buffer overflow in pctcpu
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
696874: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696874
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: libproc-processtable-perl
Version: 0.45-1
Control: forwarded -1 https://rt.cpan.org/Public/Bug/Display.html?id=82175

The following bug was reported in Ubuntu against
libproc-processtable-perl:

----- Forwarded message from "Matthew L. Dailey" 
<[email protected]> -----

Date: Sun, 23 Dec 2012 15:56:11 -0000
From: "Matthew L. Dailey" <[email protected]>
To: [email protected]
Subject: [Pkg-perl-maintainers] [Bug 1093289] [NEW] Buffer overflow in pctcpu
Reply-To: Bug 1093289 <[email protected]>

Public bug reported:

With long-running jobs on a multi-cpu machine (>10 logical CPUs), the
percent CPU utilization of a process can exceed 1000%, causing a buffer
overflow in pctcpu.

Here is /proc/<pid>/stat for a process that produces the overflow:
# cat /proc/23427/stat
23427 (sdevice) S 16424 23427 16424 34816 23427 4202496 3854777420 3716 11765 0 
179490227 1688781 0 0 20 0 44 0 155125884 173169319936 30671991 
18446744073709551615 4194304 190125333 140736691917600 140736691909504 
47611949540385 0 8192 0 640 18446744073709551615 0 0 17 15 0 0 1540 0 0

And, here's the backtrace if I compile with debugging symbols and run in gdb:
#0  0x00007ffff76d5425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff76d8b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007ffff771339e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007ffff77a9807 in __fortify_fail ()
   from /lib/x86_64-linux-gnu/libc.so.6
#4  0x00007ffff77a8700 in __chk_fail () from /lib/x86_64-linux-gnu/libc.so.6
#5  0x00007ffff77a7b69 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#6  0x00007ffff76eefcb in __printf_fp () from /lib/x86_64-linux-gnu/libc.so.6
#7  0x00007ffff76ea5b8 in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
#8  0x00007ffff77a7c04 in __vsprintf_chk ()
   from /lib/x86_64-linux-gnu/libc.so.6
#9  0x00007ffff77a7b4d in __sprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6
#10 0x00007ffff6473297 in sprintf (__s=0x7dc4f8 "1051.1", 
    __fmt=0x7ffff6474f9d "%3.2f")
    at /usr/include/x86_64-linux-gnu/bits/stdio2.h:34
#11 calc_prec (prs=0x7dc410, 
    format_str=0x7dc510 "iiisiiiillllljjjjijllljjsiiiiiiSSsSS", 
    mem_pool=<optimized out>) at OS.c:542
#12 OS_get_table () at OS.c:651
#13 0x00007ffff6474ab8 in XS_Proc__ProcessTable_table (
    my_perl=<optimized out>, cv=<optimized out>) at ProcessTable.xs:353
#14 0x00007ffff7b1384f in Perl_pp_entersub () from /usr/lib/libperl.so.5.14
#15 0x00007ffff7b0ace6 in Perl_runops_standard () from /usr/lib/libperl.so.5.14
#16 0x00007ffff7aac36a in perl_run () from /usr/lib/libperl.so.5.14
#17 0x0000000000400db9 in main ()

I have reported this at
https://rt.cpan.org/Public/Bug/Display.html?id=82175 and will put
together a debdiff against 0.45-3 with my patch.

** Affects: libproc-processtable-perl (Ubuntu)
     Importance: Undecided
         Status: New

----- End forwarded message -----

Regards,
Salvatore

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: libproc-processtable-perl
Source-Version: 0.45-4

We believe that the bug you reported is fixed in the latest version of
libproc-processtable-perl, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated 
libproc-processtable-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 28 Dec 2012 18:49:26 +0100
Source: libproc-processtable-perl
Binary: libproc-processtable-perl
Architecture: source amd64
Version: 0.45-4
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description: 
 libproc-processtable-perl - Perl library for accessing process table 
information
Closes: 696874
Changes: 
 libproc-processtable-perl (0.45-4) unstable; urgency=low
 .
   * Add 696874-fix-Buffer-overflow-in-pctcpu.patch.
     Fix for buffer overflow in pctcpu. On systems with more than 9 logical
     CPUs, a process can use more than 999% of CPU and overflow pctcpu.
     Thanks to Matthew L. Dailey and Zhengpeng Hou (Closes: #696874)
     (LP: #1093289)
Checksums-Sha1: 
 fd53759f1a6de4f24b951715d5514b20027a8b93 2230 
libproc-processtable-perl_0.45-4.dsc
 dfc038a40d631eac6d95cf38d4af9fea40e2239f 8149 
libproc-processtable-perl_0.45-4.debian.tar.gz
 48ed734a5037e632a511e49b31d1e4ee5f6727af 48632 
libproc-processtable-perl_0.45-4_amd64.deb
Checksums-Sha256: 
 0c1b33f7b8f807fad3277a2b45f994460502f08a4552ff384c4698736aaa16b5 2230 
libproc-processtable-perl_0.45-4.dsc
 133d105d83af248474fee5969c8d59dda088e1c7079ea595329909756b297a42 8149 
libproc-processtable-perl_0.45-4.debian.tar.gz
 353f134146988474efa50fea73bfda4bd77c8ebb0e53557c6df3014e6176fdf6 48632 
libproc-processtable-perl_0.45-4_amd64.deb
Files: 
 a34cd6730dea4b541d600eee7fb88bfb 2230 perl optional 
libproc-processtable-perl_0.45-4.dsc
 3489ce1244f6bf91a0cde34e95388c83 8149 perl optional 
libproc-processtable-perl_0.45-4.debian.tar.gz
 85bbfe4927aeffb59e8d299d8a68f17e 48632 perl optional 
libproc-processtable-perl_0.45-4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJQ3d11AAoJEHidbwV/2GP+mGYQALAAtQaaZzLwPeXyYWWgrvhi
gD9NjXcqkVczsNj3OJBihm8FEznqk1p7Y6P+0PyLLG8ZvxX4lMDSMg1laNZywfXL
icWYcyl+tgrA+Ca9g9vNyUD+GaSALR0wQ6eqHbCgMJpq0Fu9TF1fUG4RfeZVLcMR
xXxo59zCcH23nCXcNZgyDWMtBKb8mNSkMk03HYWiLMVtn0NIPyvusJskdHlIzT68
4ATaqrmsqaQJ0dy6KHgEMJTWsMFPpau4Hw/Dh126kkDepHpACKjquZf424A2ovsD
cC56BSbGd+gikwgBxEtFUIieOpTvU9+hLNE7+mHmnKDqfoVsuqhOgsYSWGosL4ct
IPLtj7cgN1UMZ1qvzvNdjanLy5pWxhmMwnyzHUz0usXGEVrjXBIDEZipC2x5uVA/
9nccqOuUBBskD9Id7K5vw5ETOyGQJCptmBr6f3exRb91uGpx6odHkOPq1nK8JAfr
1bM8YuUCjgd6x4Sj6C2PTdXvfqzQ5Xu/jio+Lj3mZg/IYTsaP8Cy5uOeTE51HJqE
ZaR7syTtlfJn7hQZoJY2QOFUtNHexrqMT+FdiL0FHc3fBYSGoOPGvTztyxukr0Jg
LrroP4aI3hgff/g9R8atOse+iSDw/C8ItV2w73PJP9buX+J90cZEro1WcL9qVrki
fHBirP8Kqp5gxlMdAs/C
=USsa
-----END PGP SIGNATURE-----

--- End Message ---

Bug#696874: marked as done (libproc-processtable-perl: Buffer overflow in pctcpu)

Reply via email to