Date:      Fri, 04 Jan 2002 18:44:36 +0300
From:      "Vladimir B.Grebenschikov" <vova@sw.ru>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/33537: savecore cannot save kernel core if it's size > 2Gb
Message-ID:  <E16MWWK-0001hP-00@vbook.express.ru>


>Number:         33537
>Category:       bin
>Synopsis:       savecore cannot save kernel core if it's size > 2Gb
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 04 07:50:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Vladimir B. Grebenschikov
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
SWsoft
>Environment:
System: FreeBSD vbook.express.ru 5.0-CURRENT FreeBSD 5.0-CURRENT #10: Fri Dec 28 19:17:02 MSK 2001 root@walder.asplinux.ru:/usr/obj/ext/current/src/sys/VBOOK i386
checked also on 4.4-RELEASE and RELENG_4
>Description:
	Due to integer overflows and an fseek overflow, savecore can't save a
kernel core on a machine with more than 2Gb

Bug is related to kern/33535 (but does not depend on it)

>How-To-Repeat:
	# dumpon <some-big-enough-partition>
	sysctl debug.enter_debugger=ddb
	db> call dumpsys()
	.... succeeded
	db> c
	# savecore /var/crash
	# ls -l /var/crash
	ls -l /var/crash/vmcore.?
total 0
-rw-r--r--  1 root  wheel  0 Jan  4 18:32 vmcore.0
	# 

There are two problems in the code:
 - signed/unsigned integer overflow while computing the size of the corefile
 - fseek problem (fseek cannot seek over the 2 Gb boundary)

>Fix:

diff -u -r1.28.2.8 savecore.c
--- sbin/savecore/savecore.c	2001/08/01 09:04:22	1.28.2.8
+++ sbin/savecore/savecore.c	2002/01/04 15:15:40
@@ -221,7 +221,7 @@
 	int kmem, i;
 	const char *dump_sys;
 	size_t len;
-	long kdumplo;		/* block number where dump starts on dumpdev */
+	unsigned long kdumplo;		/* block number where dump starts on dumpdev */
 	char *p;
 
 	/*
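Review bot: widening `kdumplo` to `unsigned long` only doubles the reachable range on i386 (block numbers up to 2^32, i.e. about 2 TB at `DEV_BSIZE`), and because the value is read straight out of kernel memory with `Read(kmem, &kdumplo, sizeof(kdumplo))` the kernel's `dumplo` must have exactly the same width, which this hunk does not show; please confirm that, otherwise the read is truncated or over-reads. Minor style point: the trailing comment on the changed line is no longer aligned with the others.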
@@ -266,7 +266,7 @@
 	(void)Read(kmem, &kdumplo, sizeof(kdumplo));
 	dumplo = (off_t)kdumplo * DEV_BSIZE;
 	if (verbose)
-		(void)printf("dumplo = %lld (%ld * %d)\n",
+		(void)printf("dumplo = %lld (%lu * %d)\n",
 		    (long long)dumplo, kdumplo, DEV_BSIZE);
 	Lseek(kmem, (off_t)current_nl[X_DUMPMAG].n_value, L_SET);
 	(void)Read(kmem, &dumpmag, sizeof(dumpmag));
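Review bot: the `%lu` conversion now matches the new `unsigned long` type, and the line above it already casts `kdumplo` to `off_t` before multiplying by `DEV_BSIZE`, so the 64-bit product is computed correctly; the only thing to keep in mind is that this format string must be updated again if `kdumplo` is ever retyped to a fixed-width integer.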
@@ -446,7 +446,7 @@
 				if (fwrite(buf + nw, hs - nw, 1, fp) != 1)
 					break;
 			if (he > hs)
-				if (fseek(fp, he - hs, SEEK_CUR) == -1)
+				if (fseeko(fp, he - hs, SEEK_CUR) == -1)
 					break;
 		}
 		if (nw != nr) {
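Review bot: `fseeko()` only helps if the argument `he - hs` is already an `off_t`; the declarations of `he` and `hs` are outside this hunk, so please verify they are `off_t` rather than `long` or `int`, otherwise the subtraction is truncated before the 64-bit seek is even attempted. The `fwrite(buf + nw, hs - nw, 1, fp)` call just above is unaffected, since that length is bounded by the buffer.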
@@ -581,12 +581,12 @@
 void
 get_dumpsize()
 {
-	int kdumpsize;
+	unsigned int kdumpsize;
 
 	/* Read the dump size. */
 	DumpRead(dumpfd, &kdumpsize, sizeof(kdumpsize),
 	    (off_t)(dumplo + ok(dump_nl[X_DUMPSIZE].n_value)), L_SET);
-	dumpsize = kdumpsize * getpagesize();
+	dumpsize = kdumpsize * (unsigned)getpagesize();
 }
 
 /*
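Review bot: `kdumpsize * (unsigned)getpagesize()` is still evaluated in 32-bit `unsigned int` arithmetic on i386, so this only raises the ceiling from 2 GB to 4 GB before the product wraps; widen before multiplying instead, e.g. `dumpsize = (off_t)kdumpsize * getpagesize();` (assuming `dumpsize` is an `off_t`, which its use in the `DumpRead` offset suggests). A machine with more than 4 GB of RAM would hit the same symptom (a truncated or empty vmcore) with the hunk as written.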
>Release-Note:
>Audit-Trail:
>Unformatted:
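The following is an added example, not code from this PR or from FreeBSD's savecore, that isolates the two failure modes the report describes: a dump size computed in 32-bit arithmetic that wraps, and a seek past 2 GiB that needs an off_t-sized offset. It assumes 4 KiB pages and a 64-bit off_t on the host (the `_FILE_OFFSET_BITS` define covers ILP32 builds), and the page counts are constructed values; the function names are this example's own.

```c
/* Added example (not from the PR or FreeBSD's savecore): why the dump-size
 * arithmetic in get_dumpsize() wraps, and why seeking past 2 GiB needs
 * fseeko(). Page counts and names below are constructed for illustration. */
#define _FILE_OFFSET_BITS 64
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

#define PAGE_SIZE_4K 4096u

/* Mirrors `dumpsize = kdumpsize * (unsigned)getpagesize();` when the product
 * is formed in a 32-bit type: unsigned * unsigned stays unsigned int and
 * wraps modulo 2^32, so the size is silently wrong past 4 GiB. */
uint32_t dump_bytes_narrow(uint32_t pages, uint32_t pagesize)
{
    return pages * pagesize;
}

/* Widen *before* multiplying: the cast promotes the whole expression to
 * off_t (64-bit), so the product is exact. */
off_t dump_bytes_wide(uint32_t pages, uint32_t pagesize)
{
    return (off_t)pages * pagesize;
}

/* Defensive variant: refuse a page count whose product cannot fit in off_t
 * at all, instead of producing a bogus size. Returns -1 on overflow. */
off_t dump_bytes_checked(uint64_t pages, uint32_t pagesize)
{
    if (pagesize == 0 || pages > (uint64_t)INT64_MAX / pagesize)
        return (off_t)-1;
    return (off_t)(pages * pagesize);
}

/* fseeko() takes an off_t, so it can position a stream beyond 2 GiB where
 * fseek()'s long argument cannot on an ILP32 system such as i386. Creates a
 * sparse temporary file, seeks to 3 GiB, writes one byte and returns the
 * resulting position (3 GiB + 1), or -1 on failure. */
long long seek_past_2g(void)
{
    const off_t target = (off_t)3 << 30;   /* 3 GiB */
    FILE *fp = tmpfile();                  /* unlinked automatically on close */
    long long pos = -1;

    if (fp == NULL)
        return -1;
    if (fseeko(fp, target, SEEK_SET) == 0 && fputc('x', fp) != EOF)
        pos = (long long)ftello(fp);
    fclose(fp);
    return pos;
}

int main(void)
{
    uint32_t pages = 1310720u;  /* constructed: a 5 GiB dump in 4 KiB pages */

    printf("narrow (wraps): %u\n", dump_bytes_narrow(pages, PAGE_SIZE_4K));
    printf("wide:           %lld\n", (long long)dump_bytes_wide(pages, PAGE_SIZE_4K));
    printf("checked:        %lld\n", (long long)dump_bytes_checked(pages, PAGE_SIZE_4K));
    printf("seek past 2G:   %lld\n", seek_past_2g());
    return 0;
}
```

With the constructed 5 GiB dump, the narrow computation yields 1 GiB, which is why a vmcore written from that size would be truncated or empty rather than failing loudly; the checked variant is what a defensive savecore would use so that an absurd page count is reported instead of silently mis-sized.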
