From: Arnaldo Carvalho de Melo <arnaldo.melo@gmail.com>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Tony Jones <tonyj@suse.de>,
linux-kernel@vger.kernel.org,
Arnaldo Carvalho de Melo <acme@redhat.com>,
linux-perf-users@vger.kernel.org,
Mathias Krause <minipli@googlemail.com>,
linux-trace-devel@vger.kernel.org,
Tzvetomir Stoyanov <tstoyanov@vmware.com>,
Michael Sartain <mikesart@fastmail.com>
Subject: Re: [PATCH] tools lib traceevent: Fix buffer overflow in arg_eval
Date: Thu, 28 Feb 2019 16:01:23 -0300
Message-ID: <20190228190123.GK9508@kernel.org>
In-Reply-To: <20190227221250.74996869@vmware.local.home>

On Wed, Feb 27, 2019 at 10:12:50PM -0500, Steven Rostedt wrote:
> On Wed, 27 Feb 2019 17:55:32 -0800
> Tony Jones <tonyj@suse.de> wrote:
>
> > Fix buffer overflow observed when running perf test.
> >
> > The overflow is when trying to evaluate "1ULL << (64 - 1)" which
> > is resulting in -9223372036854775808 which overflows the 20 character
> > buffer.
> >
> > It is possible this bug has been reported before but I still don't
> > see any fix checked in:
> >
> > See: https://www.spinics.net/lists/linux-perf-users/msg07714.html
> >
> > Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
> > Cc: linux-perf-users@vger.kernel.org
> > Cc: Steven Rostedt <rostedt@goodmis.org>
> > Signed-off-by: Tony Jones <tonyj@suse.de>
>
> Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
>
> I have to say I've let this slide and it is not the first time a patch
> went out with this fix. But this one has the correct fix because we
> should use a buffer with a multiple of 4. Anyway, Tony I believe was
> the first to report this anyway.
>
> For reference we have:
>
> I first heard about Tony's complaint on a post to linux-perf-users on Jan 18.
>
> But then we had after that:
>
> Michael Sartain reported it on 1/24 (and fixed by Tzvetomir)
> https://lore.kernel.org/linux-trace-devel/20190125102014.19600-1-tstoyanov@vmware.com/
>
> It was later fixed again by Mathias Krause
> https://lore.kernel.org/linux-trace-devel/20190223122404.21137-1-minipli@googlemail.com/
>
> But since Tony was first to report it, and we discussed that it should
> be 24 bytes, I would say this is the patch to take.
>
> Again, sorry for not getting this acknowledged earlier and everyone doing
> the same thing multiple times. :-/
>
> Arnaldo, please take this patch. But also add:
>
> Reported-by: Michael Sartain <mikesart@fastmail.com>
> Reported-by: Mathias Krause <minipli@googlemail.com>

Will do.

Thanks for the credit research,

- Arnaldo
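
The size arithmetic behind the report quoted above, as an added example that is not part of the original thread or of the traceevent code. It assumes a `%lld` conversion into a fixed buffer (the page does not show the code), and the names `DEC_BUF_SIZE`, `bytes_needed` and `format_ll` are hypothetical:

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/*
 * Bytes that always hold a signed integer of type T printed in decimal:
 * digits <= floor(bits * log10(2)) + 1, plus one for '-', plus one for NUL.
 */
#define DEC_BUF_SIZE(T) ((sizeof(T) * CHAR_BIT * 30103UL) / 100000UL + 3)

/* Exact bytes (including the NUL) needed to print this value with %lld. */
static size_t bytes_needed(long long val)
{
	return (size_t)snprintf(NULL, 0, "%lld", val) + 1;
}

/* Bounded formatter: 0 on success, -1 if the text would not fit in buf. */
static int format_ll(char *buf, size_t size, long long val)
{
	int n = snprintf(buf, size, "%lld", val);

	return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
	/* Constructed input: the result the report gives for 1ULL << (64 - 1). */
	long long val = LLONG_MIN;
	char old_buf[20];	/* size named in the report */
	char new_buf[24];	/* size agreed on in the thread */

	printf("needed=%zu bound=%zu\n", bytes_needed(val),
	       (size_t)DEC_BUF_SIZE(long long));
	printf("20 bytes: %s\n",
	       format_ll(old_buf, sizeof(old_buf), val) ? "truncated" : "ok");
	printf("24 bytes: %s\n",
	       format_ll(new_buf, sizeof(new_buf), val) ? "truncated" : "ok");
	return 0;
}
```

The minus sign plus 19 digits is 20 characters, so the terminating NUL is the byte that lands past a 20-byte buffer.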