[Bug 260006] Compressed user core files with large segments are truncated

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 23 Nov 2021 21:29:47 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260006

            Bug ID: 260006
           Summary: Compressed user core files with large segments are
                    truncated
           Product: Base System
           Version: 11.4-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: chris_horneck@dell.com

Created attachment 229685
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=229685&action=edit
Test program

This problem can happen with kernels compiled with GZIO and sysctl
kern.compress_user_cores=1.

If the program being dumped has a memory segment with size >= 0xFFFFFFFF, the
segment will be silently truncated, which "damages" any memory segments written
to the core file afterwards.

The root of the problem is in imgact_elf.c. The function compress_chunk accepts
a length of type u_int (32 bits), while its callers pass lengths of type
size_t (64 bits). Thus, any segment with a length that cannot fit in 32 bits
will be truncated.

The function compress_chunk lives on in later branches and appears to suffer
the same problem.

Trivial test program that allocates a large memory segment before crashing is
attached. Kernel must be compiled with GZIO and sysctl
kern.compress_user_cores=1.

-- 
You are receiving this mail because:
You are the assignee for the bug.
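The narrowing the report describes, modelled as an added example (this is not FreeBSD's imgact_elf.c code): a stand-in for compress_chunk() that takes its length as u_int, called once with a size_t passed straight through and once via a wrapper that splits the segment into chunks of at most UINT_MAX bytes. The names mock_compress_chunk, dump_segment_truncating, dump_segment_chunked and segment_fits_u_int are assumptions; size_t is assumed to be 64 bits wide, as on amd64.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for compress_chunk(): its length parameter is u_int, so a size_t
 * argument is silently reduced modulo 2^32 at the call. Returns the number of
 * bytes it "consumed"; offsets are used instead of pointers to keep this
 * example free of out-of-bounds pointer arithmetic. */
static size_t
mock_compress_chunk(size_t offset, unsigned int len)
{
	(void)offset;
	return (len);
}

/* Caller shaped like the one in the report: size_t handed straight to u_int. */
size_t
dump_segment_truncating(size_t len)
{
	return (mock_compress_chunk(0, len));
}

/* Defensive caller: never passes more than UINT_MAX bytes per call, so a
 * segment of any size_t length is written in full. */
size_t
dump_segment_chunked(size_t len)
{
	size_t done = 0;

	while (done < len) {
		size_t remaining = len - done;
		unsigned int n = remaining > UINT_MAX ?
		    UINT_MAX : (unsigned int)remaining;
		done += mock_compress_chunk(done, n);
	}
	return (done);
}

/* Check a caller can apply before narrowing: 1 if len fits in u_int. */
int
segment_fits_u_int(size_t len)
{
	return (len <= UINT_MAX);
}

int
main(void)
{
	size_t seg = (size_t)0x1FFFFFFFFULL; /* constructed: an 8 GiB - 1 segment */

	printf("truncating caller wrote %zu of %zu bytes\n",
	    dump_segment_truncating(seg), seg);
	printf("chunked caller wrote    %zu of %zu bytes\n",
	    dump_segment_chunked(seg), seg);
	return (0);
}
```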