From: tip-bot for Tony Jones <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: rostedt@goodmis.org, acme@redhat.com, tonyj@suse.de,
hpa@zytor.com, mikesart@fastmail.com, fweisbec@gmail.com,
minipli@googlemail.com, linux-kernel@vger.kernel.org,
mingo@kernel.org, tglx@linutronix.de
Subject: [tip:perf/urgent] tools lib traceevent: Fix buffer overflow in arg_eval
Date: Sat, 9 Mar 2019 11:47:54 -0800 [thread overview]
Message-ID: <tip-7c5b019e3a638a5a290b0ec020f6ca83d2ec2aaa@git.kernel.org> (raw)
In-Reply-To: <20190228015532.8941-1-tonyj@suse.de>
Commit-ID: 7c5b019e3a638a5a290b0ec020f6ca83d2ec2aaa
Gitweb: https://git.kernel.org/tip/7c5b019e3a638a5a290b0ec020f6ca83d2ec2aaa
Author: Tony Jones <tonyj@suse.de>
AuthorDate: Wed, 27 Feb 2019 17:55:32 -0800
Committer: Arnaldo Carvalho de Melo <acme@redhat.com>
CommitDate: Thu, 28 Feb 2019 16:06:47 -0300
tools lib traceevent: Fix buffer overflow in arg_eval
Fix buffer overflow observed when running perf test.
The overflow is when trying to evaluate "1ULL << (64 - 1)" which is
resulting in -9223372036854775808 which overflows the 20 character
buffer.
If is possible this bug has been reported before but I still don't see
any fix checked in:
See: https://www.spinics.net/lists/linux-perf-users/msg07714.html
Reported-by: Michael Sartain <mikesart@fastmail.com>
Reported-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Tony Jones <tonyj@suse.de>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Fixes: f7d82350e597 ("tools/events: Add files to create libtraceevent.a")
Link: http://lkml.kernel.org/r/20190228015532.8941-1-tonyj@suse.de
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/lib/traceevent/event-parse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c
index abd4fa5d3088..87494c7c619d 100644
--- a/tools/lib/traceevent/event-parse.c
+++ b/tools/lib/traceevent/event-parse.c
@@ -2457,7 +2457,7 @@ static int arg_num_eval(struct tep_print_arg *arg, long long *val)
static char *arg_eval (struct tep_print_arg *arg)
{
long long val;
- static char buf[20];
+ static char buf[24];
switch (arg->type) {
case TEP_PRINT_ATOM:
prev parent reply other threads:[~2019-03-09 19:48 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-28 1:55 [PATCH] tools lib traceevent: Fix buffer overflow in arg_eval Tony Jones
2019-02-28 3:12 ` Steven Rostedt
2019-02-28 19:01 ` Arnaldo Carvalho de Melo
2019-02-28 19:07 ` Arnaldo Carvalho de Melo
2019-03-09 19:47 ` tip-bot for Tony Jones [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tip-7c5b019e3a638a5a290b0ec020f6ca83d2ec2aaa@git.kernel.org \
--to=tipbot@zytor.com \
--cc=acme@redhat.com \
--cc=fweisbec@gmail.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mikesart@fastmail.com \
--cc=mingo@kernel.org \
--cc=minipli@googlemail.com \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=tonyj@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.