lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 9 Mar 2019 11:47:54 -0800
From:   tip-bot for Tony Jones <tipbot@...or.com>
To:     linux-tip-commits@...r.kernel.org
Cc:     rostedt@...dmis.org, acme@...hat.com, tonyj@...e.de, hpa@...or.com,
        mikesart@...tmail.com, fweisbec@...il.com, minipli@...glemail.com,
        linux-kernel@...r.kernel.org, mingo@...nel.org, tglx@...utronix.de
Subject: [tip:perf/urgent] tools lib traceevent: Fix buffer overflow in
 arg_eval

Commit-ID:  7c5b019e3a638a5a290b0ec020f6ca83d2ec2aaa
Gitweb:     https://git.kernel.org/tip/7c5b019e3a638a5a290b0ec020f6ca83d2ec2aaa
Author:     Tony Jones <tonyj@...e.de>
AuthorDate: Wed, 27 Feb 2019 17:55:32 -0800
Committer:  Arnaldo Carvalho de Melo <acme@...hat.com>
CommitDate: Thu, 28 Feb 2019 16:06:47 -0300

tools lib traceevent: Fix buffer overflow in arg_eval

Fix buffer overflow observed when running perf test.

The overflow is when trying to evaluate "1ULL << (64 - 1)" which is
resulting in -9223372036854775808 which overflows the 20 character
buffer.

If is possible this bug has been reported before but I still don't see
any fix checked in:

See: https://www.spinics.net/lists/linux-perf-users/msg07714.html

Reported-by: Michael Sartain <mikesart@...tmail.com>
Reported-by: Mathias Krause <minipli@...glemail.com>
Signed-off-by: Tony Jones <tonyj@...e.de>
Acked-by: Steven Rostedt (VMware) <rostedt@...dmis.org>
Cc: Frederic Weisbecker <fweisbec@...il.com>
Fixes: f7d82350e597 ("tools/events: Add files to create libtraceevent.a")
Link: http://lkml.kernel.org/r/20190228015532.8941-1-tonyj@suse.de
Signed-off-by: Arnaldo Carvalho de Melo <acme@...hat.com>
---
 tools/lib/traceevent/event-parse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c
index abd4fa5d3088..87494c7c619d 100644
--- a/tools/lib/traceevent/event-parse.c
+++ b/tools/lib/traceevent/event-parse.c
@@ -2457,7 +2457,7 @@ static int arg_num_eval(struct tep_print_arg *arg, long long *val)
 static char *arg_eval (struct tep_print_arg *arg)
 {
 	long long val;
-	static char buf[20];
+	static char buf[24];
 
 	switch (arg->type) {
 	case TEP_PRINT_ATOM:

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ