Project

General

Profile

Bug #9050

smbios hex dump isn't aligned for triple digit offsets

Added by Robert Mustacchi almost 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Category:
cmd - userland programs
Start date:
2018-02-06
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

The smbios(1M) utility will print raw hex dumps when it encounters an unsupported table. This code has a minor bug that becomes obvious when you have larger tables that require three hex digits to print:

ID    SIZE TYPE
57601 466  SMB_TYPE_OEM_LO+97 (type 225)

         offset:   0 1 2 3  4 5 6 7  8 9 a b  c d e f  0123456789abcdef
            0:  e16501e1 01010011 00020111 00030211  .e..............
         0x10:  00040311 00050411 00060511 00070611  ................
         0x20:  00080711 00090811 000a0911 000b0a11  ................
         0x30:  000c0b11 000d0c11 000e0d11 000f0e11  ................
         0x40:  00100f11 00111011 00121111 00131211  ................
         0x50:  00141311 00151411 00161511 00171611  ................
         0x60:  00181711 0044494d 4d2e536f 636b6574  .....DIMM.Socket
         0x70:  2e413100 44494d4d 2e536f63 6b65742e  .A1.DIMM.Socket.
         0x80:  41320044 494d4d2e 536f636b 65742e41  A2.DIMM.Socket.A
         0x90:  33004449 4d4d2e53 6f636b65 742e4134  3.DIMM.Socket.A4
         0xa0:  0044494d 4d2e536f 636b6574 2e413500  .DIMM.Socket.A5.
         0xb0:  44494d4d 2e536f63 6b65742e 41360044  DIMM.Socket.A6.D
         0xc0:  494d4d2e 536f636b 65742e41 37004449  IMM.Socket.A7.DI
         0xd0:  4d4d2e53 6f636b65 742e4138 0044494d  MM.Socket.A8.DIM
         0xe0:  4d2e536f 636b6574 2e413900 44494d4d  M.Socket.A9.DIMM
         0xf0:  2e536f63 6b65742e 41313000 44494d4d  .Socket.A10.DIMM
         0x100:  2e536f63 6b65742e 41313100 44494d4d  .Socket.A11.DIMM
         0x110:  2e536f63 6b65742e 41313200 44494d4d  .Socket.A12.DIMM
         0x120:  2e536f63 6b65742e 42310044 494d4d2e  .Socket.B1.DIMM.
         0x130:  536f636b 65742e42 32004449 4d4d2e53  Socket.B2.DIMM.S
         0x140:  6f636b65 742e4233 0044494d 4d2e536f  ocket.B3.DIMM.So
         0x150:  636b6574 2e423400 44494d4d 2e536f63  cket.B4.DIMM.Soc
         0x160:  6b65742e 42350044 494d4d2e 536f636b  ket.B5.DIMM.Sock
         0x170:  65742e42 36004449 4d4d2e53 6f636b65  et.B6.DIMM.Socke
         0x180:  742e4237 0044494d 4d2e536f 636b6574  t.B7.DIMM.Socket
         0x190:  2e423800 44494d4d 2e536f63 6b65742e  .B8.DIMM.Socket.
         0x1a0:  42390044 494d4d2e 536f636b 65742e42  B9.DIMM.Socket.B
         0x1b0:  31300044 494d4d2e 536f636b 65742e42  10.DIMM.Socket.B
         0x1c0:  31310044 494d4d2e 536f636b 65742e42  11.DIMM.Socket.B

Note how starting at 0x100, things become offset a bit. The problem is that the format string is using %#4lx. In this case the # character will cause it to generate an 0x prefix. This appears to count as part of the 4 digits specified. The solution here is to cleave two additional characters from the indentation and move them into the format string. This will give us a uint16_t worth of offset. While this doesn't preclude future occurrences of this bug, it gives us a value that will likely be practically large enough.


I dumped the same specific smbios table that caused me to notice this with a new binary that fixed this:

[root@volcano /var/tmp]# ./smbios -t 225
ID    SIZE TYPE
57600 38   SMB_TYPE_OEM_LO+97 (type 225)

  offset:   0 1 2 3  4 5 6 7  8 9 a b  c d e f  0123456789abcdef
       0:  e10d00e1 01010004 00020104 00435055  .............CPU
    0x10:  2e536f63 6b65742e 31004350 552e536f  .Socket.1.CPU.So
    0x20:  636b6574 2e32                        cket.2          

ID    SIZE TYPE
57601 466  SMB_TYPE_OEM_LO+97 (type 225)

  offset:   0 1 2 3  4 5 6 7  8 9 a b  c d e f  0123456789abcdef
       0:  e16501e1 01010011 00020111 00030211  .e..............
    0x10:  00040311 00050411 00060511 00070611  ................
    0x20:  00080711 00090811 000a0911 000b0a11  ................
    0x30:  000c0b11 000d0c11 000e0d11 000f0e11  ................
    0x40:  00100f11 00111011 00121111 00131211  ................
    0x50:  00141311 00151411 00161511 00171611  ................
    0x60:  00181711 0044494d 4d2e536f 636b6574  .....DIMM.Socket
    0x70:  2e413100 44494d4d 2e536f63 6b65742e  .A1.DIMM.Socket.
    0x80:  41320044 494d4d2e 536f636b 65742e41  A2.DIMM.Socket.A
    0x90:  33004449 4d4d2e53 6f636b65 742e4134  3.DIMM.Socket.A4
    0xa0:  0044494d 4d2e536f 636b6574 2e413500  .DIMM.Socket.A5.
    0xb0:  44494d4d 2e536f63 6b65742e 41360044  DIMM.Socket.A6.D
    0xc0:  494d4d2e 536f636b 65742e41 37004449  IMM.Socket.A7.DI
    0xd0:  4d4d2e53 6f636b65 742e4138 0044494d  MM.Socket.A8.DIM
    0xe0:  4d2e536f 636b6574 2e413900 44494d4d  M.Socket.A9.DIMM
    0xf0:  2e536f63 6b65742e 41313000 44494d4d  .Socket.A10.DIMM
   0x100:  2e536f63 6b65742e 41313100 44494d4d  .Socket.A11.DIMM
   0x110:  2e536f63 6b65742e 41313200 44494d4d  .Socket.A12.DIMM
   0x120:  2e536f63 6b65742e 42310044 494d4d2e  .Socket.B1.DIMM.
   0x130:  536f636b 65742e42 32004449 4d4d2e53  Socket.B2.DIMM.S
   0x140:  6f636b65 742e4233 0044494d 4d2e536f  ocket.B3.DIMM.So
   0x150:  636b6574 2e423400 44494d4d 2e536f63  cket.B4.DIMM.Soc
   0x160:  6b65742e 42350044 494d4d2e 536f636b  ket.B5.DIMM.Sock
   0x170:  65742e42 36004449 4d4d2e53 6f636b65  et.B6.DIMM.Socke
   0x180:  742e4237 0044494d 4d2e536f 636b6574  t.B7.DIMM.Socket
   0x190:  2e423800 44494d4d 2e536f63 6b65742e  .B8.DIMM.Socket.
   0x1a0:  42390044 494d4d2e 536f636b 65742e42  B9.DIMM.Socket.B
   0x1b0:  31300044 494d4d2e 536f636b 65742e42  10.DIMM.Socket.B
   0x1c0:  31310044 494d4d2e 536f636b 65742e42  11.DIMM.Socket.B
   0x1d0:  3132                                 12              

Data is now aligned!

History

#1

Updated by Electric Monk almost 2 years ago

  • Status changed from New to Closed

git commit e9cac61d8dc1ac02dd8eed83d984709ce38b49f2

commit  e9cac61d8dc1ac02dd8eed83d984709ce38b49f2
Author: Robert Mustacchi <rm@joyent.com>
Date:   2018-02-13T17:16:23.000Z

    9049 smbios(1M) confusingly uses literal tabs in output strings
    9050 smbios hex dump isn't aligned for triple digit offsets
    Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
    Reviewed by: Ryan Zezeski <ryan.zeseski@joyent.com>
    Reviewed by: Yuri Pankov <yuripv@yuripv.net>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Richard Lowe <richlowe@richlowe.net>

Also available in: Atom PDF