Roll back "die on malloc failure" behaviour a bit
After recent change, select(2^31-1, NULL, NULL, NULL)
would make strace exit. This change caps fdsize so that
it is always in [0, 1024*1024], IOW: we will try to allocate at most
1 megabyte, which in practice will almost always work,
unlike malloc(2Gig).
* desc.c (decode_select): Cap fdsize to 1024*1024.
* pathtrace.c (pathtrace_match): Cap fdsize to 1024*1024.
* file.c (sys_getdents): Cap len to 1024*1024.
(sys_getdents64): Cap len to 1024*1024.
* util.c (dumpiov): Refuse to process iov with more than 1024*1024
elements. Don't die on malloc failure.
(dumpstr): Don't die on malloc failure.
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
diff --git a/file.c b/file.c
index 96e36a2..b1d97c7 100644
--- a/file.c
+++ b/file.c
@@ -2421,6 +2421,11 @@
return 0;
}
len = tcp->u_rval;
+ /* Beware of insanely large or negative values in tcp->u_rval */
+ if (tcp->u_rval > 1024*1024)
+ len = 1024*1024;
+ if (tcp->u_rval < 0)
+ len = 0;
buf = len ? malloc(len) : NULL;
if (len && !buf)
die_out_of_memory();
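Review bot: The 1 MiB bound is spelled as the bare literal `1024*1024` twice in this clamp and, per the rest of the patch, in two more places in this file plus desc.c and pathtrace.c, so the cap is a magic number that can drift the next time one copy is edited; define it once, e.g. `#define MAX_FETCH_LEN (1024*1024)` near the top of file.c (or in defs.h if the other files are meant to share it), and write the clamp as `if (tcp->u_rval > MAX_FETCH_LEN) len = MAX_FETCH_LEN;`. The comment above the clamp should also record what the cap costs rather than only what it guards against: anything past the first 1 MiB of the returned buffer is fetched by neither umoven nor the decoder, e.g. `/* Cap the fetch at 1 MiB so a bogus or huge return value cannot force a multi-GiB malloc; records beyond the cap are silently not decoded. */`. The enclosing function starts before this hunk and continues past it.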
@@ -2502,10 +2507,17 @@
tprintf("%#lx, %lu", tcp->u_arg[1], tcp->u_arg[2]);
return 0;
}
+
len = tcp->u_rval;
+ /* Beware of insanely large or negative tcp->u_rval */
+ if (tcp->u_rval > 1024*1024)
+ len = 1024*1024;
+ if (tcp->u_rval < 0)
+ len = 0;
buf = len ? malloc(len) : NULL;
if (len && !buf)
die_out_of_memory();
+
if (umoven(tcp, tcp->u_arg[1], len, buf) < 0) {
tprintf("%#lx, %lu", tcp->u_arg[1], tcp->u_arg[2]);
free(buf);
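Review bot: After the clamp, `len` and `tcp->u_rval` disagree whenever the syscall returned more than 1 MiB, and `umoven(tcp, tcp->u_arg[1], len, buf)` fetches only `len` bytes, so every loop that walks the fetched records below this hunk must bound itself on `len`, not on `tcp->u_rval`, or it reads past the end of the 1 MiB heap buffer; the walk is outside the hunk, so please confirm it uses `len`. It would help the next reader to state the invariant at the clamp, e.g. `/* len may now be smaller than u_rval: decode only the bytes actually fetched */`. Separately, the commit's stated direction is to stop dying on allocation failure, and this function already has a raw-argument fallback at the top of the hunk, so `die_out_of_memory()` could be replaced by `if (len && !buf) { tprintf("%#lx, %lu", tcp->u_arg[1], tcp->u_arg[2]); return 0; }` — optional, since a 1 MiB allocation failing is genuine exhaustion. The enclosing function starts before this hunk and continues past it.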
@@ -2573,10 +2585,17 @@
tprintf("%#lx, %lu, %#lx", tcp->u_arg[1], tcp->u_arg[2], tcp->u_arg[3]);
return 0;
}
+
len = tcp->u_rval;
+ /* Beware of insanely large or negative tcp->u_rval */
+ if (tcp->u_rval > 1024*1024)
+ len = 1024*1024;
+ if (tcp->u_rval < 0)
+ len = 0;
buf = malloc(len);
if (!buf)
die_out_of_memory();
+
if (umoven(tcp, tcp->u_arg[1], len, buf) < 0) {
tprintf("%#lx, %lu, %#lx", tcp->u_arg[1], tcp->u_arg[2], tcp->u_arg[3]);
free(buf);
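Review bot: This hunk keeps `buf = malloc(len); if (!buf) die_out_of_memory();` while the new clamp can now set `len = 0` (and a legitimate zero-length return presumably reaches this point too); `malloc(0)` is permitted to return NULL, so on such an implementation a harmless empty result aborts strace with an out-of-memory message. The two sibling hunks in this patch already guard this with a zero check, so align this one with them: `buf = len ? malloc(len) : NULL;` and `if (len && !buf)` before the `die_out_of_memory()` call. This also makes the three clamp-and-allocate sequences in file.c identical, which is what makes the shared cap easy to audit. The enclosing function starts before this hunk and continues past it.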