A potential bug to squeeze extra memory through command line arguments

Dmitry V. Levin ldv at altlinux.org
Fri Feb 19 12:30:14 UTC 2016


On Fri, Feb 19, 2016 at 05:47:40PM +0530, haris iqbal wrote:
> Hello.
> I was going through the code of strace.c, when I found this line in
> init() function.
> tcbtabsize = argc;  /* Surely enough for all -p args.  */

> That set me thinking: is it really what I think it is? Can it really
> be that strace will allocate as many tcbtab pointers and tcp
> structures as the arguments I give to the program?

The fun of the situation is that after commit v4.6-258-ge8172b7
this is no longer enough for all -p args.

> So I set out to find out whether there is a way to make strace take a
> lot of memory, without actually using it.
> Firstly, I found out whether there is a way to give a large number of
> arguments and still make strace work as it should. It turns out that
> there is. One can give as many -i (or some other such arguments) as
> arguments and strace would work properly.
> Then, I wanted to make sure whether the code is actually allocating
> as many resources as there are arguments. So I went into the
> cleanup() function that is called through error_msg_and_die(). And
> there I added debugging code to see how many of them were actually
> allocated. It turns out that they were allocated.
> I added a print statement in the for loop of cleanup(). It ran as
> many times as there were arguments, although the only useful one
> was the first one, which had the pid of the process being traced
> (strace was run with the -p <pid> option).
> So, summing it all up: I ran a script which gave strace a -p option
> and a process pid to trace, along with some 600000 -i options. It
> ran successfully with a memory consumption of around 100mb. That's a
> lot for a small system with limited memory.

OK, so what would you suggest to change in initial tcb table allocation?
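
One possible direction for the question above, as an added example that is not part of the original thread or of strace's code: create table entries on demand instead of reserving one per command-line argument. The names demo_tcb, demo_table and the demo_* functions are hypothetical stand-ins, and the 128-byte entry size is made up for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for strace's per-tracee struct tcb; the size is made up. */
struct demo_tcb { int pid; char pad[124]; };

struct demo_table {
    struct demo_tcb **slots;
    size_t size;    /* pointer slots allocated */
    size_t used;    /* entries actually created */
};

/* Create one entry, doubling the pointer array only when it is full. */
struct demo_tcb *demo_alloctcb(struct demo_table *t, int pid)
{
    if (t->used == t->size) {
        size_t n = t->size ? t->size * 2 : 4;
        if (n > SIZE_MAX / sizeof(*t->slots))
            return NULL;            /* size computation would overflow */
        struct demo_tcb **p = realloc(t->slots, n * sizeof(*p));
        if (!p)
            return NULL;
        t->slots = p;
        t->size = n;
    }
    struct demo_tcb *tcp = calloc(1, sizeof(*tcp));
    if (!tcp)
        return NULL;
    tcp->pid = pid;
    t->slots[t->used++] = tcp;
    return tcp;
}

/* Bytes reserved up front when slots and entries are both sized by argc,
 * which is the behaviour the quoted message describes. */
size_t demo_bytes_argc_sized(int argc)
{
    return (size_t)argc * (sizeof(struct demo_tcb *) + sizeof(struct demo_tcb));
}

/* Bytes held when an entry is created only for each "-p <pid>" pair. */
size_t demo_bytes_on_demand(int argc, char **argv, struct demo_table *t)
{
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "-p") == 0 && !demo_alloctcb(t, atoi(argv[++i])))
            return 0;
    return t->size * sizeof(*t->slots) + t->used * sizeof(struct demo_tcb);
}
```

Because the table grows when it fills, the same scheme also covers the opposite case mentioned in the reply, where argc slots are too few for all -p arguments.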
