From 9f49a9853caff67bcc5de7dfe2c52ab1ae7f3738 Mon Sep 17 00:00:00 2001
From: David Smith <dsmith@redhat.com>
Date: Mon, 25 Jan 2010 15:04:55 -0600
Subject: Fixed PR 11220 by setting MAP_STRING_LENGTH to MAXSTRINGLEN.

* runtime/map.h: Set MAP_STRING_LENGTH to MAXSTRINGLEN so that large
  strings can be stored in arrays.
* testsuite/systemtap.base/array_string.exp: New testcase.
---
 testsuite/systemtap.base/array_string.exp | 45 +++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 testsuite/systemtap.base/array_string.exp

(limited to 'testsuite/systemtap.base')

diff --git a/testsuite/systemtap.base/array_string.exp b/testsuite/systemtap.base/array_string.exp
new file mode 100644
index 00000000..92df1149
--- /dev/null
+++ b/testsuite/systemtap.base/array_string.exp
@@ -0,0 +1,45 @@
+# PR 11220.  Make sure we can store large strings in arrays.
+
+if {![installtest_p]} { untested $test; return }
+
+set test "ARRAY_STRING"
+
+set test_script {
+    global str
+    global str_array[1]
+
+    probe begin {
+	str = "  0:123456789+123456789+123456789+123456789+123456789+123456789  1:123456789+123456789+123456789+123456789+123456789+123456789  2:123456789+123456789+123456789+123456789+123456789+123456789  3:123456789+123456789+123456789+123456789+123456789+123456789  4:123456789+123456789+123456789+123456789+123456789+123456789  5:123456789+123456789+123456789+123456789+123456789+123456789  6:123456789+123456789+123456789+123456789+123456789+123456789  7:123456789+123456789+123456789+123456789+123456789+123456789"	
+	str_array[0] = str
+        printf("systemtap starting probe\n")
+    }
+
+    probe end {
+        printf("systemtap ending probe\n")
+	if (strlen(str) < 500) {
+	    printf("string str is too short: %d\n", strlen(str))
+	    printf("%s\n", str)
+	}
+	if (strlen(str) == strlen(str_array[0])) {
+	    printf("string lengths match\n")
+	}
+	else {
+	    printf("string lengths *don't* match\n")
+	    printf("str: %d\n", strlen(str))
+	    printf("str_array[0]: %d\n", strlen(str_array[0]))
+	}
+	if (str_array[0] == str) {
+	    printf("strings match\n")
+	}
+	else {
+	    printf("strings *don't* match!\n")
+	    printf("str: %s\n", str)
+	    printf("str_array[0]: %s\n", str_array[0])
+	}
+    }
+}
+
+set output "string lengths match\r\nstrings match\r\n"
+
+# Set MAXSTRINGLEN to 512 to be sure we're testing what we intend.
+stap_run $test no_load $output -DMAXSTRINGLEN=512 -e $test_script
-- 
cgit 


From 6390a48a6dfb88c9692af877e1767ce6cc8030d0 Mon Sep 17 00:00:00 2001
From: David Smith <dsmith@redhat.com>
Date: Tue, 26 Jan 2010 13:40:51 -0600
Subject: Fixed PR 11223 by null terminating strings in procfs write probes.

* tapset-procfs.cxx (procfs_var_expanding_visitor::visit_target_symbol):
  Correctly null terminate strings in procfs write probes.
* testsuite/systemtap.base/procfs_write.exp: New test.
---
 testsuite/systemtap.base/procfs_write.exp | 135 ++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100644 testsuite/systemtap.base/procfs_write.exp

(limited to 'testsuite/systemtap.base')

diff --git a/testsuite/systemtap.base/procfs_write.exp b/testsuite/systemtap.base/procfs_write.exp
new file mode 100644
index 00000000..5bb35532
--- /dev/null
+++ b/testsuite/systemtap.base/procfs_write.exp
@@ -0,0 +1,135 @@
+# PR 11223.  Make sure we can handle large amounts of procfs write data.
+
+set test "PROCFS_WRITE"
+
+if {![installtest_p]} { untested $test; return }
+
+proc proc_write_value { test path value} {
+    if [catch {open $path WRONLY} channel] {
+	fail "$test $channel"
+    } else {
+	puts $channel $value
+	close $channel
+	pass "$test wrote $value"
+    }
+}
+
+# This test string is ~4224 bytes long (66 lines of 64 chars).  The
+# procfs kernel system will use a buffer of 4K.  Our string of ~4224
+# should take around 9 trips through the write function (4224 chars /
+# 512 bytes per systemtap string = ~9 trips).
+#
+# The kernel reuses the 4K buffer for the 9th trip and doesn't null
+# terminate the string.  Instead, it tells consumers how many bytes
+# are present.
+#
+# We want to make sure we can handle > 4K worth of data properly.
+set test_string \
+"  0:12345678901234567890123456789012345678901234567890123456789
+  1:12345678901234567890123456789012345678901234567890123456789
+  2:12345678901234567890123456789012345678901234567890123456789
+  3:12345678901234567890123456789012345678901234567890123456789
+  4:12345678901234567890123456789012345678901234567890123456789
+  5:12345678901234567890123456789012345678901234567890123456789
+  6:12345678901234567890123456789012345678901234567890123456789
+  7:12345678901234567890123456789012345678901234567890123456789
+  8:12345678901234567890123456789012345678901234567890123456789
+  9:12345678901234567890123456789012345678901234567890123456789
+ 10:12345678901234567890123456789012345678901234567890123456789
+ 11:12345678901234567890123456789012345678901234567890123456789
+ 12:12345678901234567890123456789012345678901234567890123456789
+ 13:12345678901234567890123456789012345678901234567890123456789
+ 14:12345678901234567890123456789012345678901234567890123456789
+ 15:12345678901234567890123456789012345678901234567890123456789
+ 16:12345678901234567890123456789012345678901234567890123456789
+ 17:12345678901234567890123456789012345678901234567890123456789
+ 18:12345678901234567890123456789012345678901234567890123456789
+ 19:12345678901234567890123456789012345678901234567890123456789
+ 20:12345678901234567890123456789012345678901234567890123456789
+ 21:12345678901234567890123456789012345678901234567890123456789
+ 22:12345678901234567890123456789012345678901234567890123456789
+ 23:12345678901234567890123456789012345678901234567890123456789
+ 24:12345678901234567890123456789012345678901234567890123456789
+ 25:12345678901234567890123456789012345678901234567890123456789
+ 26:12345678901234567890123456789012345678901234567890123456789
+ 27:12345678901234567890123456789012345678901234567890123456789
+ 28:12345678901234567890123456789012345678901234567890123456789
+ 29:12345678901234567890123456789012345678901234567890123456789
+ 30:12345678901234567890123456789012345678901234567890123456789
+ 31:12345678901234567890123456789012345678901234567890123456789
+ 32:12345678901234567890123456789012345678901234567890123456789
+ 33:12345678901234567890123456789012345678901234567890123456789
+ 34:12345678901234567890123456789012345678901234567890123456789
+ 35:12345678901234567890123456789012345678901234567890123456789
+ 36:12345678901234567890123456789012345678901234567890123456789
+ 37:12345678901234567890123456789012345678901234567890123456789
+ 38:12345678901234567890123456789012345678901234567890123456789
+ 39:12345678901234567890123456789012345678901234567890123456789
+ 40:12345678901234567890123456789012345678901234567890123456789
+ 41:12345678901234567890123456789012345678901234567890123456789
+ 42:12345678901234567890123456789012345678901234567890123456789
+ 43:12345678901234567890123456789012345678901234567890123456789
+ 44:12345678901234567890123456789012345678901234567890123456789
+ 45:12345678901234567890123456789012345678901234567890123456789
+ 46:12345678901234567890123456789012345678901234567890123456789
+ 47:12345678901234567890123456789012345678901234567890123456789
+ 48:12345678901234567890123456789012345678901234567890123456789
+ 49:12345678901234567890123456789012345678901234567890123456789
+ 50:12345678901234567890123456789012345678901234567890123456789
+ 51:12345678901234567890123456789012345678901234567890123456789
+ 52:12345678901234567890123456789012345678901234567890123456789
+ 53:12345678901234567890123456789012345678901234567890123456789
+ 54:12345678901234567890123456789012345678901234567890123456789
+ 55:12345678901234567890123456789012345678901234567890123456789
+ 56:12345678901234567890123456789012345678901234567890123456789
+ 57:12345678901234567890123456789012345678901234567890123456789
+ 58:12345678901234567890123456789012345678901234567890123456789
+ 59:12345678901234567890123456789012345678901234567890123456789
+ 60:12345678901234567890123456789012345678901234567890123456789
+ 61:12345678901234567890123456789012345678901234567890123456789
+ 62:12345678901234567890123456789012345678901234567890123456789
+ 63:12345678901234567890123456789012345678901234567890123456789
+ 64:12345678901234567890123456789012345678901234567890123456789
+ 65:12345678901234567890123456789012345678901234567890123456789
+ 66:12345678901234567890123456789012345678901234567890123456789"
+
+# Now we need the version of the above string that expect will look
+# for.  So, we need to convert all '\n' to '\r\n' and add a trailing
+# '\r\n'.
+regsub -all {\n} $test_string {\r\n} test_string2
+set test_string2 "$test_string2\\r\\n"
+
+proc proc_write_test {} {
+    global test test_string
+    set path "/proc/systemtap/$test/command"
+
+    proc_write_value $test $path $test_string
+    return 0;
+}
+
+set systemtap_write_script {
+    global iteration = 0
+    global saved_value[20]
+
+    probe procfs("command").write {
+	saved_value[iteration] = $value
+	iteration++
+    }
+
+    probe begin {
+        printf("systemtap starting probe\n")
+    }
+
+    probe end {
+        printf("systemtap ending probe\n")
+	for (i = 0; i < iteration; i++) {
+	    printf("%s", saved_value[i])
+	}
+    }
+}
+
+# We're forcing the MAXSTRINGLEN to be 512 chars to make sure we know
+# what we're testing.
+stap_run $test proc_write_test $test_string2 -DMAXSTRINGLEN=512 \
+    -e $systemtap_write_script -m $test
+exec /bin/rm -f ${test}.ko
-- 
cgit 


From 982b88bd950381434a8325e550eff9df59f59dcd Mon Sep 17 00:00:00 2001
From: Wenji Huang <wenji.huang@oracle.com>
Date: Thu, 28 Jan 2010 14:16:43 +0800
Subject: PR6954: make ++/-- operation trigger automatic global printing

* staptree.cxx (varuse_collecting_visitor::visit_arrayindex):
  Regard operations as pure writes.
* testsuite/systemtap.base/global_end.exp: Add test case.
* testsuite/systemtap.base/global_end.stp: Ditto.
---
 testsuite/systemtap.base/global_end.exp | 3 ++-
 testsuite/systemtap.base/global_end.stp | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

(limited to 'testsuite/systemtap.base')

diff --git a/testsuite/systemtap.base/global_end.exp b/testsuite/systemtap.base/global_end.exp
index d245212f..9d9c8d9b 100644
--- a/testsuite/systemtap.base/global_end.exp
+++ b/testsuite/systemtap.base/global_end.exp
@@ -19,6 +19,7 @@ expect {
     -re {epsilon."one",1. @count=0x4 @min=0x1 @max=0x4 @sum=0xa @avg=0x2} { incr ok; exp_continue }
     -re {epsilon."two",2. @count=0x4 @min=0xa @max=0x28 @sum=0x64 @avg=0x19} { incr ok; exp_continue }
     -re {phi @count=0x4 @min=0x1 @max=0x4 @sum=0xa @avg=0x2} { incr ok; exp_continue }
+    -re {var=0x1} { incr ok; exp_continue }
     timeout { fail "$test (timeout)" }
     eof { }
 }
@@ -32,4 +33,4 @@ expect {
     -re {Avg time = [1-9]} { incr ok; exp_continue }
 }
 
-if {$ok == 12} { pass "$test ($ok)" } { fail "$test ($ok)" }
+if {$ok == 13} { pass "$test ($ok)" } { fail "$test ($ok)" }
diff --git a/testsuite/systemtap.base/global_end.stp b/testsuite/systemtap.base/global_end.stp
index 4a5baff7..1f707d54 100644
--- a/testsuite/systemtap.base/global_end.stp
+++ b/testsuite/systemtap.base/global_end.stp
@@ -1,4 +1,4 @@
-global alpha, beta, gamma, iota, epsilon, phi
+global alpha, beta, gamma, iota, epsilon, phi, var
 
 probe begin {
  gamma = "abcdefghijklmnopqrstuvwxyz"
@@ -29,6 +29,8 @@ probe begin {
  epsilon["two",2] <<< 20
  epsilon["two",2] <<< 30
  epsilon["two",2] <<< 40
+
+ var++
 }
 
 probe timer.ms(100) {
-- 
cgit 


From f75409719f120a3dbee66d761cf23a64092d1414 Mon Sep 17 00:00:00 2001
From: Josh Stone <jistone@redhat.com>
Date: Thu, 28 Jan 2010 21:00:58 -0800
Subject: PR11234: Ensure __get_argv doesn't overflow

That function was calling strlcpy as if the return value was the number
of bytes copied, but strlcpy actually returns the length of the input
string.  We now use min() to handle the case when it's bigger than the
buffer length, and drop out of the loop when that happens.
---
 testsuite/systemtap.base/overflow-get_argv.exp |  5 +++
 testsuite/systemtap.base/overflow-get_argv.stp | 62 ++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)
 create mode 100644 testsuite/systemtap.base/overflow-get_argv.exp
 create mode 100644 testsuite/systemtap.base/overflow-get_argv.stp

(limited to 'testsuite/systemtap.base')

diff --git a/testsuite/systemtap.base/overflow-get_argv.exp b/testsuite/systemtap.base/overflow-get_argv.exp
new file mode 100644
index 00000000..ac7fddc5
--- /dev/null
+++ b/testsuite/systemtap.base/overflow-get_argv.exp
@@ -0,0 +1,5 @@
+# PR11234: __get_argv can overflow its return buffer
+
+set test "overflow-get_argv"
+
+stap_run $srcdir/$subdir/$test.stp no_load $all_pass_string -g -c "/bin/true /usr/bin/*"
diff --git a/testsuite/systemtap.base/overflow-get_argv.stp b/testsuite/systemtap.base/overflow-get_argv.stp
new file mode 100644
index 00000000..a4d1d212
--- /dev/null
+++ b/testsuite/systemtap.base/overflow-get_argv.stp
@@ -0,0 +1,62 @@
+// PR11234: __get_argv can overflow its return buffer
+
+// __get_argv has a signature like this:
+//    struct function___get_argv_locals {
+//      int64_t a;
+//      int64_t first;
+//      string_t __retvalue;
+//    } function___get_argv;
+//
+// These functions are meant to have an overlap such that we can tell if
+// __get_argv overran its __retvalue.
+//
+//      int64_t x;
+//      int64_t y;
+//      string_t z;
+//      string_t __retvalue;
+//
+// NB: __retvalue[0] always gets cleared on call, but the rest should be
+// untouched, so we can use it as a sentinal.
+
+function clear:string(x:long, y:long, z:string) %{
+  memset(THIS->__retvalue, 0, MAXSTRINGLEN);
+%}
+
+function check:string(x:long, y:long, z:string) %{
+  int i, bad;
+  for (i=1; i<MAXSTRINGLEN; ++i)
+    if (THIS->__retvalue[i])
+      ++bad;
+
+  if (bad)
+    snprintf(THIS->__retvalue, MAXSTRINGLEN, "%d non-zero bytes", bad);
+  else
+    strlcpy(THIS->__retvalue, "ok", MAXSTRINGLEN);
+%}
+
+global result = "untested"
+
+probe syscall.execve {
+  if (pid() != target())
+    next
+
+  clear(0, 0, "")
+  foo = __get_argv($argv, 0)
+  result = check(0, 0, "")
+
+  // ensure that foo isn't optimized away
+  if (foo == "foo")
+    next
+}
+
+probe begin {
+  println("systemtap starting probe")
+}
+
+probe end {
+  println("systemtap ending probe")
+  if (result == "ok")
+    println("systemtap test success")
+  else
+    println("systemtap test failure: ", result)
+}
-- 
cgit 


From 0daf3783cb8baaa114c02acbb9e6a241fcc39ed8 Mon Sep 17 00:00:00 2001
From: Wenji Huang <wenji.huang@oracle.com>
Date: Mon, 1 Feb 2010 10:31:37 +0800
Subject: Fix uninitialization error on gcc 4.1.x

* testsuite/systemtap.base/overflow-get_argv.stp: Initialize var.
---
 testsuite/systemtap.base/overflow-get_argv.stp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'testsuite/systemtap.base')

diff --git a/testsuite/systemtap.base/overflow-get_argv.stp b/testsuite/systemtap.base/overflow-get_argv.stp
index a4d1d212..159ef4a8 100644
--- a/testsuite/systemtap.base/overflow-get_argv.stp
+++ b/testsuite/systemtap.base/overflow-get_argv.stp
@@ -23,7 +23,7 @@ function clear:string(x:long, y:long, z:string) %{
 %}
 
 function check:string(x:long, y:long, z:string) %{
-  int i, bad;
+  int i, bad = 0;
   for (i=1; i<MAXSTRINGLEN; ++i)
     if (THIS->__retvalue[i])
       ++bad;
-- 
cgit