This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Array overflow when no array is used
- From: Vincent Bernat <bernat at luffy dot cx>
- To: systemtap at sourceware dot org
- Date: Mon, 30 Sep 2013 12:41:25 +0200
- Subject: Array overflow when no array is used
Hi!
I am trying to do a simple probe to check on what files we get cache
miss for APC (an opcode caching program for APC). I may do something
wrong because I have simplified the case and still get odd errors.
For example:
probe process("/usr/lib/php5/20090626/apc.so").function("apc_cache_make_file_key").return {
    printf("%p\n", $key);
}
I get some values and a few seconds later, I get:
ERROR: Array overflow, check MAXMAPENTRIES near identifier '$key' at ./apc-cache-miss.stp:4:20
Where does it get an array?
I noticed that some values are just bogus. For example, a more complete
example is:
probe process("/usr/lib/php5/20090626/apc.so").function("apc_cache_make_file_key").return {
    if ($return == 1) {
        device = $key->data->file->device
        inode = $key->data->file->inode
        filename = user_string($filename)
        printf("(%u,%u) = %s\n", device, inode, filename)
        // filenames[device, inode] = filename
    }
}
Now, I get:
ERROR: Array overflow, check MAXMAPENTRIES near identifier '$key' at ./apc-cache-miss.stp:10:18
(line 10 is the first one with $key)
But some print values are just bogus:
(1377693637,1049089) = /data/web/prod.ping/lib/DM/Auth.php
(2055,1050670) = /data/web/prod.ping/lib/DM/EventDispatcher.php
First device number is bogus. Second one is fine. I have checked the
source and I don't see a case where I could end up with something
incorrect in device. Since systemtap always complains about array
overflow, I think there may be a major problem with $key.
The prototype is:
int apc_cache_make_file_key(apc_cache_key_t* key,
                            const char* filename,
                            const char* include_path,
                            time_t t
                            TSRMLS_DC)
typedef union _apc_cache_key_data_t {
    struct {
        apc_dev_t device;       /* the filesystem device */
        apc_ino_t inode;        /* the filesystem inode */
    } file;
    struct {
        const char *identifier;
        int identifier_len;
    } user;
    struct {
        const char *fullpath;
        int fullpath_len;
    } fpfile;
} apc_cache_key_data_t;
I am pretty sure that the union is always a struct file. But it
shouldn't matter for the overflow stuff.
What could trigger this overflow stuff? It is my first attempt at a
userland probe, so I may do something wrong.
My stap-report is the same (so GCC 4.6.3):
https://gist.github.com/vincentbernat/8e50f9156f03184cde40
I have debug symbols for apc.so. It is compiled with -O2.
--
Don't sacrifice clarity for small gains in "efficiency".
- The Elements of Programming Style (Kernighan & Plauger)
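Added example, not part of the post above and not APC or systemtap project code. In a `.return` probe a bare `$key` denotes the value the parameter had at function entry, and systemtap saves those entry values in an internal associative array bounded by MAXMAPENTRIES, which is where the "Array overflow" message comes from. The script below does that bookkeeping by hand: the arguments are captured in an explicitly sized, thread-keyed array in a plain `.function` probe and read back in the `.return` probe, so the script controls the array size and can detect a return with no matching entry. The binary path, function name and the `apc_cache_key_t` layout are taken from the post; the array size of 4096 is an assumption.

```systemtap
# Added example (not from the original post): make systemtap's implicit
# entry-value saving for .return probes explicit. Path, function and struct
# layout come from the post; the 4096 bound is an assumption.

# tid -> apc_cache_key_t* and filename captured at entry. The '%' suffix
# makes the array wrap (oldest entry evicted) instead of raising an error
# when the bound is hit.
global keys%[4096]
global fnames%[4096]

probe process("/usr/lib/php5/20090626/apc.so").function("apc_cache_make_file_key") {
    # Entry probe: $key and $filename are live here, no saving magic needed.
    keys[tid()] = $key
    fnames[tid()] = user_string($filename)
}

probe process("/usr/lib/php5/20090626/apc.so").function("apc_cache_make_file_key").return {
    # A return with no recorded entry (e.g. the probe was armed mid-call)
    # has nothing trustworthy to report; skip it rather than read garbage.
    if (!(tid() in keys)) {
        next
    }
    key = keys[tid()]
    filename = fnames[tid()]
    # Release the slots immediately so the arrays only hold in-flight calls.
    delete keys[tid()]
    delete fnames[tid()]

    if ($return != 1) {
        next
    }

    # key is a plain integer now; @cast re-attaches the DWARF type so the
    # members can be dereferenced exactly as $key->... would be.
    device = @cast(key, "apc_cache_key_t", "/usr/lib/php5/20090626/apc.so")->data->file->device
    inode  = @cast(key, "apc_cache_key_t", "/usr/lib/php5/20090626/apc.so")->data->file->inode
    printf("(%u,%u) = %s\n", device, inode, filename)
}
```

Run it the same way as the original script (`stap apc-cache-miss.stp`). Because the saved-value array is declared in the script, its size and eviction policy are visible and adjustable, and a return that never had a matching entry is skipped instead of being reported with a bogus device number.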