Linux-Trace-Devel Archive on lore.kernel.org
* [PATCH] trace-cmd split: Assert if the calculated record size is too big
@ 2021-06-29  2:40 Steven Rostedt
  0 siblings, 0 replies; only message in thread
From: Steven Rostedt @ 2021-06-29  2:40 UTC (permalink / raw)
  To: linux-trace-devel, Julia Lawall

From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>

With a discovery of a bug that caused a record to be written past the
end of a page (and this was a possible memory corruption bug), check that
the calculated length is no bigger than the record it is copying. If it
is, then crash, as this can cause the data to write past the allocated
page.

Now that bug would crash on the split command with:

  Bad calculation of record len (expect:116 actual:120)

Link: https://lore.kernel.org/linux-trace-devel/20210628222609.01ea12ad@oasis.local.home/

Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
---
 tracecmd/trace-split.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tracecmd/trace-split.c b/tracecmd/trace-split.c
index 9b1a8d7a..775611c1 100644
--- a/tracecmd/trace-split.c
+++ b/tracecmd/trace-split.c
@@ -118,6 +118,9 @@ static int write_record(struct tracecmd_input *handle,
 
 	if (!len) {
 		len = record->size + 4;
+		if ((len + 4) > record->record_size)
+			die("Bad calculation of record len (expect:%d actual:%d)",
+			    record->record_size, len + 4);
 		*(unsigned *)ptr = tep_read_number(pevent, &len, 4);
 		ptr += 4;
 		index += 4;
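Review bot: the new bounds check sits inside the `if (!len)` block, so it only guards the path where `len` is derived from `record->size + 4`; when the caller passes a non-zero `len`, the value reaches the `tep_read_number(pevent, &len, 4)` copy below without ever being compared against `record->record_size`. If that caller-supplied length is also meant to fit inside the record, consider placing the `if ((len + 4) > record->record_size) die(...)` check after the `if (!len)` block so both paths are covered. Also confirm that the types of `len` and `record->record_size` match the `%d` conversions in the `die()` format string, since a width or signedness mismatch would print misleading numbers in exactly the diagnostic this hunk adds.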
-- 
2.29.2

