This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Array overflow when no array is used


Hi!

I am trying to do a simple probe to check on what files we get cache
miss for APC (an opcode caching program for APC). I may do something
wrong because I have simplified the case and still get odd errors.

For example:

probe process("/usr/lib/php5/20090626/apc.so").function("apc_cache_make_file_key").return {
    printf("%p\n", $key);
}

I get some values and a few seconds later, I get:

ERROR: Array overflow, check MAXMAPENTRIES near identifier '$key' at ./apc-cache-miss.stp:4:20

Where does it get an array?

I noticed that some values are just bogus. For example, a more complete
example is:

probe process("/usr/lib/php5/20090626/apc.so").function("apc_cache_make_file_key").return {
    if ($return == 1) {
        device = $key->data->file->device
        inode = $key->data->file->inode
        filename = user_string($filename)
        printf("(%u,%u) = %s\n", device, inode, filename)
        // filenames[device, inode] = filename
    }
}

Now, I get:

ERROR: Array overflow, check MAXMAPENTRIES near identifier '$key' at ./apc-cache-miss.stp:10:18

(line 10 is the first one with $key)

But some print values are just bogus:

(1377693637,1049089) = /data/web/prod.ping/lib/DM/Auth.php
(2055,1050670) = /data/web/prod.ping/lib/DM/EventDispatcher.php

First device number is bogus. Second one is fine. I have checked the
source and I don't see a case where I could end up with something
incorrect in device. Since systemtap always complains about array
overflow, I think there may be a major problem with $key.

The prototype is:

int apc_cache_make_file_key(apc_cache_key_t* key,
                       const char* filename,
                       const char* include_path,
                       time_t t
                       TSRMLS_DC);

typedef union _apc_cache_key_data_t {
    struct {
        apc_dev_t device;             /* the filesystem device */
        apc_ino_t inode;              /* the filesystem inode */
    } file;
    struct {
        const char *identifier;
        int identifier_len;
    } user;
    struct {
        const char *fullpath;
        int fullpath_len;
    } fpfile;
} apc_cache_key_data_t;

I am pretty sure that the union is always a struct file. But it
shouldn't matter for the overflow stuff.

What could trigger this overflow stuff? It is my first attempt at a
userland probe, so I may do something wrong.

My stap-report is the same (so GCC 4.6.3):

 https://gist.github.com/vincentbernat/8e50f9156f03184cde40

I have debug symbols for apc.so. It is compiled with -O2.
-- 
Don't sacrifice clarity for small gains in "efficiency".
            - The Elements of Programming Style (Kernighan & Plauger)
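An added example, not part of this thread and not APC's or systemtap's own code, showing where the array in the error comes from and how to make it explicit. In a `.return` probe, systemtap rewrites `$key` to `@entry($key)`: the value is recorded at function entry in a hidden map keyed by thread and looked up on return, and that hidden map is bounded by MAXMAPENTRIES. The script below does the same save-and-restore by hand with a visible, bounded array, releases the slot on every return, and reports returns that found no saved entry. It reuses the apc.so path and function name from the message above; the use of `@cast` with the typedef name `apc_cache_key_t` assumes the debug info for apc.so resolves that typedef.

```systemtap
# Added example: explicit per-thread save/restore of $key around
# apc_cache_make_file_key, replacing the implicit @entry() map that a
# .return probe uses behind the scenes.

global apc_keys[256]    # tid -> key pointer saved at entry; this bound is ours, not MAXMAPENTRIES
global apc_names[256]   # tid -> filename copied at entry, while the string is certainly live
global unmatched        # returns that found no saved entry (probe armed mid-call, entry missed)

probe process("/usr/lib/php5/20090626/apc.so").function("apc_cache_make_file_key") {
    t = tid()
    apc_keys[t]  = $key
    apc_names[t] = user_string($filename)
}

probe process("/usr/lib/php5/20090626/apc.so").function("apc_cache_make_file_key").return {
    t = tid()
    if (!(t in apc_keys)) {
        unmatched++
        next
    }
    key  = apc_keys[t]
    name = apc_names[t]
    delete apc_keys[t]     # release the slot on every return path, whatever the result was
    delete apc_names[t]
    if ($return != 1)
        next
    # Assumption: the typedef apc_cache_key_t is present in apc.so's debug info,
    # so @cast can walk the struct through the raw pointer saved at entry.
    device = @cast(key, "apc_cache_key_t", "/usr/lib/php5/20090626/apc.so")->data->file->device
    inode  = @cast(key, "apc_cache_key_t", "/usr/lib/php5/20090626/apc.so")->data->file->inode
    printf("(%u,%u) = %s\n", device, inode, name)
}

probe end {
    # Entries still present here belong to calls that entered but never came back
    # through the return probe (thread exit, longjmp): the same leak that fills the
    # implicit map and eventually trips the MAXMAPENTRIES check.
    leaked = 0
    foreach (t in apc_keys)
        leaked++
    printf("unmatched returns: %d, leaked entries: %d\n", unmatched, leaked)
}
```

Run it with `stap -v apc-keys.stp` against a running PHP process. If the `leaked entries` count at the end keeps growing with load, the function is being left without passing through the return probe, and no MAXMAPENTRIES value will be large enough; if it stays at zero and the count of saved entries simply exceeds the bound under many threads, raising the limit with `stap -DMAXMAPENTRIES=8192` is the appropriate fix for the implicit map.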

