Bug#530548: Integer overflow for >4Gb of RAM

Mon, 25 May 2009 10:22:53 -0700 

Subject: g15stats: Integer overflow for >4Gb of RAM
Package: g15stats
Version: 1.0-2
Severity: important
Tags: patch

Hi,
I discovered an integer overflow which occurs if you have >4Gb of RAM

The bars of the memory overview screen have the wrong dimension on my
amd64 system with 6Gb of RAM.

I fixed this for me by dividing each value given to g15r_drawBar() by
1024, just like it was done for the swap screen. The patch is appended.

So far, farewell
Stephan Thamm


-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable'), (50, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.29-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages g15stats depends on:
ii  g15daemon              1.9.5.3-3         Screen multiplexer for
Logitech G1
ii  libc6                  2.7-18            GNU C Library: Shared
libraries
ii  libfreetype6           2.3.7-2+lenny1    FreeType 2 font engine,
shared lib
ii  libg15-1               1.2.6-1           Library for interfacing
with the L
ii  libg15daemon-client1   1.9.5.3-3         Development packages for
libg15dae
ii  libg15render1          1.2.0.svn250-2    Library for interfacing
with the L
ii  libglib2.0-0           2.16.6-1+lenny1   The GLib library of C
routines
ii  libgtop2-7             2.22.3-1          gtop system monitoring
library
ii  libusb-0.1-4           2:0.1.12-13       userspace USB programming
library
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library -
runtime

g15stats recommends no packages.

g15stats suggests no packages.

-- no debconf information

--- a/g15stats.c	2009-05-25 18:45:44.000000000 +0200
+++ b/g15stats.c	2009-05-25 18:10:58.000000000 +0200
@@ -162,10 +162,10 @@
     sprintf(tmpstr,"Che %2.f%%",((float)mem.cached/(float)mem.total)*100);
     g15r_renderString (canvas, (unsigned char*)tmpstr, 0, G15_TEXT_MED, 1, 26);
 
-    g15r_drawBar(canvas,43,1,150,10,1,mem.user,mem.total,4);
-    g15r_drawBar(canvas,43,12,150,21,1,mem.buffer,mem.total,4);
-    g15r_drawBar(canvas,43,23,150,32,1,mem.cached,mem.total,4);
-    drawBar_reversed(canvas,43,1,150,32,1,mem.free,mem.total,5);
+    g15r_drawBar(canvas,43,1,150,10,1,mem.user/1024,mem.total/1024,4);
+    g15r_drawBar(canvas,43,12,150,21,1,mem.buffer/1024,mem.total/1024,4);
+    g15r_drawBar(canvas,43,23,150,32,1,mem.cached/1024,mem.total/1024,4);
+    drawBar_reversed(canvas,43,1,150,32,1,mem.free/1024,mem.total/1024,5);
 
     g15r_drawLine (canvas, 40, 1, 40, 32, 1);
     g15r_drawLine (canvas, 41, 1, 41, 32, 1);

Reply via email to