lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <tip-c0664893050cc6b2d8b02d3e035f82fbfd0cd4cf@git.kernel.org>
Date:	Wed, 27 Apr 2016 08:33:36 -0700
From:	tip-bot for Colin Ian King <tipbot@...or.com>
To:	linux-tip-commits@...r.kernel.org
Cc:	acme@...hat.com, colin.king@...onical.com,
	linux-kernel@...r.kernel.org, mingo@...nel.org,
	alexander.shishkin@...ux.intel.com, tglx@...utronix.de,
	hpa@...or.com, peterz@...radead.org, adrian.hunter@...el.com
Subject: [tip:perf/core] perf intel-pt: Fix off-by-one comparison on maximum
 code

Commit-ID:  c0664893050cc6b2d8b02d3e035f82fbfd0cd4cf
Gitweb:     http://git.kernel.org/tip/c0664893050cc6b2d8b02d3e035f82fbfd0cd4cf
Author:     Colin Ian King <colin.king@...onical.com>
AuthorDate: Sun, 24 Apr 2016 19:56:43 +0100
Committer:  Arnaldo Carvalho de Melo <acme@...hat.com>
CommitDate: Mon, 25 Apr 2016 20:35:59 -0300

perf intel-pt: Fix off-by-one comparison on maximum code

The check for the maximum code is off-by-one; the current comparison of
a code that is INTEL_PT_ERR_MAX will cause the strlcpy to perform an out
of bounds array access on the intel_pt_err_msgs array.

Fix this with a >= comparison.

Signed-off-by: Colin Ian King <colin.king@...onical.com>
Cc: Adrian Hunter <adrian.hunter@...el.com>
Cc: Alexander Shishkin <alexander.shishkin@...ux.intel.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Link: http://lkml.kernel.org/r/1461524203-10224-1-git-send-email-colin.king@canonical.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com>
---
 tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
index 9409d01..9c8f15d 100644
--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
@@ -356,7 +356,7 @@ static const char *intel_pt_err_msgs[] = {
 
 int intel_pt__strerror(int code, char *buf, size_t buflen)
 {
-	if (code < 1 || code > INTEL_PT_ERR_MAX)
+	if (code < 1 || code >= INTEL_PT_ERR_MAX)
 		code = INTEL_PT_ERR_UNK;
 	strlcpy(buf, intel_pt_err_msgs[code], buflen);
 	return 0;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ