Re: [PATCH 1/4] rt-tests: cyclicdeadline: fix segmentation fault on close

From: John Kacur <jkacur@redhat.com>
To: Kurt Kanzenbach <kurt@linutronix.de>
Cc: Clark Williams <williams@redhat.com>,
	rt-users <linux-rt-users@vger.kernel.org>
Subject: Re: [PATCH 1/4] rt-tests: cyclicdeadline: fix segmentation fault on close
Date: Fri, 5 Apr 2019 16:33:33 +0200 (CEST)	[thread overview]
Message-ID: <alpine.LFD.2.21.1904051633140.8480@planxty> (raw)
In-Reply-To: <20190404134814.13376-2-kurt@linutronix.de>

On Thu, 4 Apr 2019, Kurt Kanzenbach wrote:

> The current code generates a segmentation fault in the last free() call.
> 
>   $ sudo ./cyclicdeadline
>   Using all CPUS
>   /sys/kernel/debug/sched_features: Success
>   interval: 600:1000
>     Tested at 5us of 600us
>   deadline thread 2963
>   thread[2963] runtime=600us deadline=1000us
>   main thread 2962
>   fail 2 0
>   T: 0 ( 2963) I:1000 C:   1268 Min:      7 Act:   55 Avg:   56 Max:     256
>   [1]    2961 segmentation fault  sudo ./cyclicdeadline
> 
> This is caused by a buffer overflow in setup_ftrace_marker(). The appended
> string is 21 not 14 characters wide. Fix it by using strlen() like the other
> function do.
> 
> Signed-off-by: Kurt Kanzenbach <kurt@linutronix.de>
> ---
>  src/sched_deadline/cyclicdeadline.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/sched_deadline/cyclicdeadline.c b/src/sched_deadline/cyclicdeadline.c
> index 08460107c464..303b5e96647a 100644
> --- a/src/sched_deadline/cyclicdeadline.c
> +++ b/src/sched_deadline/cyclicdeadline.c
> @@ -283,7 +283,7 @@ static void setup_ftrace_marker(void)
>  {
>  	struct stat st;
>  	const char *debugfs = find_debugfs();
> -	char files[strlen(debugfs) + 14];
> +	char files[strlen(debugfs) + strlen("/tracing/trace_marker") + 1];
>  	int ret;
>  
>  	if (strlen(debugfs) == 0)
> -- 
> 2.11.0
> 
> 
Signed-off-by: John Kacur <jkacur@redhat.com>