A potential bug to squeeze extra memory through command line arguments
haris.phnx at gmail.com
Fri Feb 19 13:25:37 UTC 2016
On Fri, Feb 19, 2016 at 6:00 PM, Dmitry V. Levin <ldv at altlinux.org> wrote:
> On Fri, Feb 19, 2016 at 05:47:40PM +0530, haris iqbal wrote:
>> I was going through the code of strace.c, when I found this line in
>> init() function.
>> tcbtabsize = argc; /* Surely enough for all -p args. */
>> That set me thinking is it really is what I think it is. Can it really
>> be that strace will allocate that many tcbtab pointers and tcp
>> structures as many arguments I give to the program.
> The fun of the situation is that after commit v4.6-258-ge8172b7
> this is no longer enough for all -p args.
>> So I set out to find out whether there is a way to make strace take a
>> lot of memory, without actually using it.
>> Firstly I found out that if there is a way to give large number of
>> arguments and still make strace work as it should. It turns out that
>> there is. One can give as many -i (or some other such arguments) as
>> arguments and the strace would work properly.
>> Then, I wanted to make sure whether the code is actually allocating
>> that many resources as as there are arguments. So I went into the
>> cleanup() function that is called through error_msg_and_die(). And
>> there I added debugging code to see how many of them were actually
>> allocated. It turns out that they were allocated.
>> I added a print statement in the for loop of cleanup(). It ran for as
>> many number of times as there were arguments. Although the usefull one
>> was the first one only, which had the pid of the process being traced
>> (strace was run with -p <pid> option).
>> So, summing it all up. I ran a script which gave strace a -p option
>> and a process pid to trace. Along with that some 600000 -i options. It
>> ran successfully with a memory consumption of around 100mb. Thats a
>> lot for a small system with limited memory.
> OK, so what would you suggest to change in initial tcb table allocation?
There are still many portions of code which I have not understood
properly, but I am to make a suggestion with whatever knowledge I have
of the code. I would say to postpone the allocation till alloctcb() is
called. But I can see many places where alloctcb() is called is by
checking whether tcp->pid is present or not. And for that check, one
would need an allocated structure with a 0 value.
Are we allocating tcb table for multiple -p options only or does it
have some other purpose?
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> Strace-devel mailing list
> Strace-devel at lists.sourceforge.net
Md Haris Iqbal,
Placement Coordinator, MTech IT
Contact: +91 8861996962
More information about the Strace-devel