Re: [PATCH] tracing: Correct the length check which causes memory corruption

From: Steven Rostedt
Date: Mon Jun 07 2021 - 11:34:20 EST

Next message: Hans de Goede: "Re: [PATCH] staging: rtl8723bs: Use list iterators and helpers"
Previous message: Hans de Goede: "Re: [PATCH] brcmfmac: Add clm_blob firmware files to modinfo"
In reply to: James Wang: "Re: [PATCH] tracing: Correct the length check which causes memory corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 7 Jun 2021 20:57:34 +0800
Liangyan <liangyan.peng@xxxxxxxxxxxxxxxxx> wrote:

> commit b220c049d519 ("tracing: Check length before giving out
> the filter buffer") adds length check to protect trace data
> overflow introduced in 0fc1b09ff1ff, seems that this fix can't prevent
> overflow entirely, the length check should also take the sizeof
> entry->array[0] into account, since this array[0] is filled the
> length of trace data and occupy addtional space and risk overflow.

Bah, you're right! I didn't take into account that when the event is
this big, array[] will have content.

I queued the patch and will start testing it.

Thanks!

-- Steve

Next message: Hans de Goede: "Re: [PATCH] staging: rtl8723bs: Use list iterators and helpers"
Previous message: Hans de Goede: "Re: [PATCH] brcmfmac: Add clm_blob firmware files to modinfo"
In reply to: James Wang: "Re: [PATCH] tracing: Correct the length check which causes memory corruption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]