lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090916064840.GC5805@linux-sh.org>
Date:	Wed, 16 Sep 2009 15:48:40 +0900
From:	Paul Mundt <lethal@...ux-sh.org>
To:	Li Zefan <lizf@...fujitsu.com>
Cc:	Lai Jiangshan <laijs@...fujitsu.com>,
	Sam Ravnborg <sam@...nborg.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Ingo Molnar <mingo@...e.hu>, linux-kernel@...r.kernel.org,
	linux-kbuild@...r.kernel.org, Paulo Marques <pmarques@...popie.com>
Subject: Re: [PATCH] kallsyms: Fix segfault in prefix_underscores_count().

On Wed, Sep 16, 2009 at 02:28:54PM +0800, Li Zefan wrote:
> Paul Mundt wrote:
> > Commit b478b782e110fdb4135caa3062b6d687e989d994 "kallsyms, tracing:
> > output more proper symbol name" introduces a "bugfix" that introduces
> > a segfault in kallsyms in my configurations.
> > 
> > The cause is the introduction of prefix_underscores_count() which
> > attempts to count underscores, even in symbols that do not have them.
> > As a result, it just uselessly runs past the end of the buffer until it
> > crashes:
> > 
> 
> But the fix looks obviously correct, as long as @str is guaranteed
> to be NULL-terminated.
> 
> ...
> > @@ -584,9 +538,14 @@ static int may_be_linker_script_provide_symbol(const struct sym_entry *se)
> >  static int prefix_underscores_count(const char *str)
> >  {
> >  	const char *tail = str;
> > +	size_t len = strlen(str);
> > +
> > +	while (*tail != '_') {
> > +		if (!len--)
> > +			return 0;
> >  
> > -	while (*tail != '_')
> >  		tail++;
> > +	}
> 
> Can be simplified as:
> 
> 	while (*tail != '\0' && *tail != '_')
> 		tail++;
> 
> But..as the name "prefix_underscores_count" suggests, shouldn't
> it be:
> 	while (*tail == '_')
> 		tail++;
> ??
> 
Yes, that was what I did initially as well, but the behaviour is not
exactly the same, and I wanted an explanation from Lai if there were some
other intentions for the code. In any event, simplifying it still manages
to do the right thing, so I'm fine with that.

------------------------
Subject: [PATCH] kallsyms: Fix segfault in prefix_underscores_count().

Commit b478b782e110fdb4135caa3062b6d687e989d994 "kallsyms, tracing:
output more proper symbol name" introduces a "bugfix" that introduces
a segfault in kallsyms in my configurations.

The cause is the introduction of prefix_underscores_count() which
attempts to count underscores, even in symbols that do not have them.
As a result, it just uselessly runs past the end of the buffer until it
crashes:

  CC      init/version.o
  LD      init/built-in.o
  LD      .tmp_vmlinux1
  KSYM    .tmp_kallsyms1.S
/bin/sh: line 1: 16934 Done                    sh-linux-gnu-nm -n .tmp_vmlinux1
     16935 Segmentation fault      | scripts/kallsyms > .tmp_kallsyms1.S
make: *** [.tmp_kallsyms1.S] Error 139

This simplifies the logic and just does a straightforward count.

Signed-off-by: Paul Mundt <lethal@...ux-sh.org>

---

 scripts/kallsyms.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c
index 64343cc..86c3896 100644
--- a/scripts/kallsyms.c
+++ b/scripts/kallsyms.c
@@ -585,7 +585,7 @@ static int prefix_underscores_count(const char *str)
 {
 	const char *tail = str;
 
-	while (*tail != '_')
+	while (*tail == '_')
 		tail++;
 
 	return tail - str;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ