authorSteven Rostedt (Red Hat) <rostedt@goodmis.org>2015-04-17 10:27:57 -0400
committerSteven Rostedt <rostedt@goodmis.org>2015-04-17 10:34:43 -0400
commit3193899d4dd54056f8c2e0b1e40dd6e2f0009f28 (patch)
tree8f118c5311094656325fff91c1a036d042ce46dc /kernel
parent84fce9db4d7eaebd6cb2ee30c15da6d4e4daf846 (diff)
tracing: Fix possible out of bounds memory access when parsing enums
The code that replaces the enum names with the enum values in the tracepoints' format files could possibly miss the end of string nul character. This was caused by processing things like backslashes, quotes and other tokens. After processing the tokens, a check for the nul character needed to be done before continuing the loop, because the loop incremented the pointer before doing the check, which could bypass the nul character. Link: http://lkml.kernel.org/r/552E661D.5060502@oracle.com Reported-by: Sasha Levin <sasha.levin@oracle.com> # via KASan Tested-by: Andrey Ryabinin <a.ryabinin@samsung.com> Fixes: 0c564a538aa9 "tracing: Add TRACE_DEFINE_ENUM() macro to map enums to their values" Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/trace/trace_events.c6
1 files changed, 6 insertions, 0 deletions
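--- a/kernel/trace/trace_events.c
+++ b/kernel/trace/trace_events.c
@@ -1760,6 +1760,8 @@ static void update_event_printk(struct ftrace_event_call *call,
 ptr++;
 /* Check for alpha chars like ULL */
 } while (isalnum(*ptr));
+if (!*ptr)
+break;
 /*
 * A number must have some kind of delimiter after
 * it, and we can ignore that too.
@@ -1786,12 +1788,16 @@ static void update_event_printk(struct ftrace_event_call *call,
 do {
 ptr++;
 } while (isalnum(*ptr) || *ptr == '_');
+if (!*ptr)
+break;
 /*
 * If what comes after this variable is a '.' or
 * '->' then we can continue to ignore that string.
 */
 if (*ptr == '.' || (ptr[0] == '-' && ptr[1] == '>')) {
 ptr += *ptr == '.' ? 1 : 2;
+if (!*ptr)
+break;
 goto skip_more;
 }
 /*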
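Review bot: The three added `if (!*ptr) break;` guards (new lines 1763, 1791 and 1799) carry no comment, so the reason for them is recorded only in the commit message: the enclosing loop advances `ptr` before testing it, and continuing with `ptr` already on the terminator would read past the end of the format string. I would add a one-line comment at the first guard, e.g. `/* ptr may be at the nul here; the loop's ptr++ must not step over it */`, and a short `/* see above: do not step over the nul */` at the other two. Because the fix is a per-site guard rather than a change to the loop condition, any other path in update_event_printk() that moves `ptr` and then continues needs the same check. The function body starts and ends outside these hunks, so that should be confirmed against the full function.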