| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Mar 2018 17:33:54 +0000
From: Colin King <colin.king@...onical.com>
To: Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...hat.com>,
Namhyung Kim <namhyung@...nel.org>
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH][next] perf tests: fix out of bounds access on array fd when cnt is 100
From: Colin Ian King <colin.king@...onical.com>
Currently when cnt is 100 an array bounds overflow occurs on the assignment
of fd[cnt]. Fix this by performing the bounds check on cnt before writing
to fd.
Detected by cppcheck:
tools/perf/tests/bp_account.c:115: (warning) Either the condition
'cnt==100' is redundant or the array 'fd[100]' is accessed at index 100,
which is out of bounds.
Fixes: 032db28e5fa3 ("perf tests: Add breakpoint accounting/modify test")
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
tools/perf/tests/bp_account.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/tools/perf/tests/bp_account.c b/tools/perf/tests/bp_account.c
index 2f75fa0c4fef..9e88d7608951 100644
--- a/tools/perf/tests/bp_account.c
+++ b/tools/perf/tests/bp_account.c
@@ -107,16 +107,14 @@ static int detect_cnt(bool is_x)
int fd[100], cnt = 0, i;
while (1) {
- fd[cnt] = __event(is_x, addr, &attr);
-
- if (fd[cnt] < 0)
- break;
-
if (cnt == 100) {
pr_debug("way too many debug registers, fix the test\n");
return 0;
}
+ fd[cnt] = __event(is_x, addr, &attr);
+ if (fd[cnt] < 0)
+ break;
cnt++;
}
--
2.15.1
Powered by blists - more mailing lists