| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Sep 2009 15:48:40 +0900
From: Paul Mundt <lethal@...ux-sh.org>
To: Li Zefan <lizf@...fujitsu.com>
Cc: Lai Jiangshan <laijs@...fujitsu.com>,
Sam Ravnborg <sam@...nborg.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Ingo Molnar <mingo@...e.hu>, linux-kernel@...r.kernel.org,
linux-kbuild@...r.kernel.org, Paulo Marques <pmarques@...popie.com>
Subject: Re: [PATCH] kallsyms: Fix segfault in prefix_underscores_count().
On Wed, Sep 16, 2009 at 02:28:54PM +0800, Li Zefan wrote:
> Paul Mundt wrote:
> > Commit b478b782e110fdb4135caa3062b6d687e989d994 "kallsyms, tracing:
> > output more proper symbol name" introduces a "bugfix" that introduces
> > a segfault in kallsyms in my configurations.
> >
> > The cause is the introduction of prefix_underscores_count() which
> > attempts to count underscores, even in symbols that do not have them.
> > As a result, it just uselessly runs past the end of the buffer until it
> > crashes:
> >
>
> But the fix looks obviously correct, as long as @str is guaranteed
> to be NULL-terminated.
>
> ...
> > @@ -584,9 +538,14 @@ static int may_be_linker_script_provide_symbol(const struct sym_entry *se)
> > static int prefix_underscores_count(const char *str)
> > {
> > const char *tail = str;
> > + size_t len = strlen(str);
> > +
> > + while (*tail != '_') {
> > + if (!len--)
> > + return 0;
> >
> > - while (*tail != '_')
> > tail++;
> > + }
>
> Can be simplified as:
>
> while (*tail != '\0' && *tail != '_')
> tail++;
>
> But..as the name "prefix_underscores_count" suggests, shouldn't
> it be:
> while (*tail == '_')
> tail++;
> ??
>
Yes, that was what I did initially as well, but the behaviour is not
exactly the same, and I wanted an explanation from Lai if there were some
other intentions for the code. In any event, simplifying it still manages
to do the right thing, so I'm fine with that.
------------------------
Subject: [PATCH] kallsyms: Fix segfault in prefix_underscores_count().
Commit b478b782e110fdb4135caa3062b6d687e989d994 "kallsyms, tracing:
output more proper symbol name" introduces a "bugfix" that introduces
a segfault in kallsyms in my configurations.
The cause is the introduction of prefix_underscores_count() which
attempts to count underscores, even in symbols that do not have them.
As a result, it just uselessly runs past the end of the buffer until it
crashes:
CC init/version.o
LD init/built-in.o
LD .tmp_vmlinux1
KSYM .tmp_kallsyms1.S
/bin/sh: line 1: 16934 Done sh-linux-gnu-nm -n .tmp_vmlinux1
16935 Segmentation fault | scripts/kallsyms > .tmp_kallsyms1.S
make: *** [.tmp_kallsyms1.S] Error 139
This simplifies the logic and just does a straightforward count.
Signed-off-by: Paul Mundt <lethal@...ux-sh.org>
---
scripts/kallsyms.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c
index 64343cc..86c3896 100644
--- a/scripts/kallsyms.c
+++ b/scripts/kallsyms.c
@@ -585,7 +585,7 @@ static int prefix_underscores_count(const char *str)
{
const char *tail = str;
- while (*tail != '_')
+ while (*tail == '_')
tail++;
return tail - str;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists