Buffer overflow in pctcpu

Bug #1093289 reported by Matthew L. Dailey
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
libproc-processtable-perl (Debian) | Fix Released | Unknown | |
libproc-processtable-perl (Ubuntu) | Fix Released | Medium | Unassigned |

Bug Description

With long-running jobs on a multi-cpu machine (>10 logical CPUs), the percent CPU utilization of a process can exceed 1000%, causing a buffer overflow in pctcpu.

Here is /proc/<pid>/stat for a process that produces the overflow:
# cat /proc/23427/stat
23427 (sdevice) S 16424 23427 16424 34816 23427 4202496 3854777420 3716 11765 0 179490227 1688781 0 0 20 0 44 0 155125884 173169319936 30671991 18446744073709551615 4194304 190125333 140736691917600 140736691909504 47611949540385 0 8192 0 640 18446744073709551615 0 0 17 15 0 0 1540 0 0

And, here's the backtrace if I compile with debugging symbols and run in gdb:
#0 0x00007ffff76d5425 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff76d8b8b in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff771339e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007ffff77a9807 in __fortify_fail ()
   from /lib/x86_64-linux-gnu/libc.so.6
#4 0x00007ffff77a8700 in __chk_fail () from /lib/x86_64-linux-gnu/libc.so.6
#5 0x00007ffff77a7b69 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#6 0x00007ffff76eefcb in __printf_fp () from /lib/x86_64-linux-gnu/libc.so.6
#7 0x00007ffff76ea5b8 in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
#8 0x00007ffff77a7c04 in __vsprintf_chk ()
   from /lib/x86_64-linux-gnu/libc.so.6
#9 0x00007ffff77a7b4d in __sprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6
#10 0x00007ffff6473297 in sprintf (__s=0x7dc4f8 "1051.1",
    __fmt=0x7ffff6474f9d "%3.2f")
    at /usr/include/x86_64-linux-gnu/bits/stdio2.h:34
#11 calc_prec (prs=0x7dc410,
    format_str=0x7dc510 "iiisiiiillllljjjjijllljjsiiiiiiSSsSS",
    mem_pool=<optimized out>) at OS.c:542
#12 OS_get_table () at OS.c:651
#13 0x00007ffff6474ab8 in XS_Proc__ProcessTable_table (
    my_perl=<optimized out>, cv=<optimized out>) at ProcessTable.xs:353
#14 0x00007ffff7b1384f in Perl_pp_entersub () from /usr/lib/libperl.so.5.14
#15 0x00007ffff7b0ace6 in Perl_runops_standard () from /usr/lib/libperl.so.5.14
#16 0x00007ffff7aac36a in perl_run () from /usr/lib/libperl.so.5.14
#17 0x0000000000400db9 in main ()

I have reported this at https://rt.cpan.org/Public/Bug/Display.html?id=82175 and will put together a debdiff against 0.45-3 with my patch.

Tags: patch
Matthew L. Dailey (matthew-l-dailey) wrote :

Here is the debdiff to fix this for up to 99 cpus. This is obviously a short-term fix since this case is probably not too far away (we have several 24-cpu machines). Probably better to make this dynamic or at least use snprintf() to avoid buffer overflows.

Let me know if you need more info about the problem or my patch.
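
The snprintf() approach suggested in the comment above, sketched as an added example; it is not part of the original report or of the package's patch. The 7-byte field size (room for "999.99" plus NUL) and the function names are assumptions, since the report does not show the declaration in OS.c.

```c
#include <stdio.h>
#include <string.h>

/* Assumed field width: room for "999.99" plus the terminating NUL.
   The real size in OS.c is not shown in the report. */
#define PCTCPU_LEN 7

/* Number of characters "%3.2f" produces for pct, excluding the NUL.
   The 3 is a minimum field width, not a maximum, so wide values grow. */
static int pctcpu_needed(double pct)
{
    return snprintf(NULL, 0, "%3.2f", pct);
}

/* Bounded replacement for sprintf(dst, "%3.2f", pct).
   Returns 0 if the value fit, 1 if it was truncated, -1 on error.
   dst is always NUL-terminated when dstlen > 0. */
static int format_pctcpu(char *dst, size_t dstlen, double pct)
{
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;
    n = snprintf(dst, dstlen, "%3.2f", pct);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    return (size_t)n >= dstlen ? 1 : 0;
}

int main(void)
{
    /* Constructed sample values: two below and one above 1000%. */
    const double samples[] = { 12.5, 999.99, 1051.1 };
    char field[PCTCPU_LEN];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = format_pctcpu(field, sizeof field, samples[i]);
        printf("%8.2f needs %d+1 bytes -> \"%s\"%s\n", samples[i],
               pctcpu_needed(samples[i]), field,
               rc == 1 ? " (truncated)" : "");
    }
    return 0;
}
```

With the bounded call, a value above 999.99 is cut short instead of writing past the field, and the return code lets the caller decide whether to report the truncated string or size the buffer from pctcpu_needed().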

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "debdiff against 0.45-3" of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are a member of the ubuntu-sponsors team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Dave Gilbert (ubuntu-treblig) wrote :

Triaged since the reporter has debugged and fixed it.

Changed in libproc-processtable-perl (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
ZhengPeng Hou (zhengpeng-hou) wrote :

fix uploaded

Changed in libproc-processtable-perl (Ubuntu):
status: Triaged → Fix Committed
Changed in libproc-processtable-perl (Debian):
status: Unknown → Confirmed
Salvatore Bonaccorso (carnil) wrote :

Hi Matthew and ZhengPeng

Matthew, thanks first of all for the report and patch. Fortunately we (pkg-perl Debian Group) are subscribed here, so noticed that.

I have updated libproc-processtable-perl with your patch in Debian and uploaded as 0.45-4 in unstable. So you can sync it as it is to Ubuntu raring. I have kept the following changelog entry to give credit to you (but renamed the patch to match the Debian bug number):

 libproc-processtable-perl (0.45-4) unstable; urgency=low
 .
   * Add 696874-fix-Buffer-overflow-in-pctcpu.patch.
     Fix for buffer overflow in pctcpu. On systems with more than 9 logical
     CPUs, a process can use more than 999% of CPU and overflow pctcpu.
     Thanks to Matthew L. Dailey and Zhengpeng Hou (Closes: #696874)
     (LP: #1093289)

Regards,
Salvatore

Changed in libproc-processtable-perl (Debian):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libproc-processtable-perl - 0.45-4

---------------
libproc-processtable-perl (0.45-4) unstable; urgency=low

  * Add 696874-fix-Buffer-overflow-in-pctcpu.patch.
    Fix for buffer overflow in pctcpu. On systems with more than 9 logical
    CPUs, a process can use more than 999% of CPU and overflow pctcpu.
    Thanks to Matthew L. Dailey and Zhengpeng Hou (Closes: #696874)
    (LP: #1093289)

 -- Salvatore Bonaccorso <email address hidden> Fri, 28 Dec 2012 18:49:26 +0100

Changed in libproc-processtable-perl (Ubuntu):
status: Fix Committed → Fix Released
Matthew L. Dailey (matthew-l-dailey) wrote :

Thanks, ZhengPeng and Salvatore, for your work in getting this patch integrated.

Is there any chance of getting this patch included in precise? I can roll my own package for our systems, but it would be much nicer if this were part of the official Ubuntu packages.
