| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190726193527.GA24867@kernel.org>
Date: Fri, 26 Jul 2019 16:35:27 -0300
From: Arnaldo Carvalho de Melo <arnaldo.melo@...il.com>
To: Numfor Mbiziwo-Tiapo <nums@...gle.com>
Cc: peterz@...radead.org, mingo@...hat.com,
alexander.shishkin@...ux.intel.com, jolsa@...hat.com,
namhyung@...nel.org, songliubraving@...com, mbd@...com,
linux-kernel@...r.kernel.org, irogers@...gle.com,
eranian@...gle.com
Subject: Re: [PATCH 2/3] Fix ordered-events.c array-bounds error
Em Wed, Jul 24, 2019 at 11:45:11AM -0700, Numfor Mbiziwo-Tiapo escreveu:
> Perf does not build with the ubsan (undefined behavior sanitizer)
> and there is an error that says:
>
> tools/perf/util/debug.h:38:2:
> error: array subscript is above array bounds [-Werror=array-bounds]
> eprintf_time(n, var, t, fmt, ##__VA_ARGS__)
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> tools/perf/util/debug.h:40:34:
> note: in expansion of macro ‘pr_time_N’
> #define pr_oe_time(t, fmt, ...) pr_time_N(1, debug_ordered_events,
> t, pr_fmt(fmt), ##__VA_ARGS__)
>
> util/ordered-events.c:329:2: note: in expansion of macro ‘pr_oe_time’
> pr_oe_time(oe->next_flush, "next_flush - ordered_events__flush
> POST %s, nr_events %u\n",
>
> This can be reproduced by running (from the tip directory):
> make -C tools/perf USE_CLANG=1 EXTRA_CFLAGS="-fsanitize=undefined"
>
> The error stems from the 'str' array in the __ordered_events__flush
> function in tools/perf/util/ordered-events.c. On line 319 of this
> file, they use values of the variable 'how' (which has the type enum
> oeflush - defined in ordered-events.h) as indices for the 'str' array.
> Since 'how' has 5 values and the 'str' array only has 3, when the 4th
> and 5th values of 'how' (OE_FLUSH__TOP and OE_FLUSH__TIME) are used as
> indices, this will go out of the bounds of the 'str' array.
> Adding the matching strings from the enum values into the 'str' array
> fixes this.
>
> Signed-off-by: Numfor Mbiziwo-Tiapo <nums@...gle.com>
> ---
> tools/perf/util/ordered-events.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/tools/perf/util/ordered-events.c b/tools/perf/util/ordered-events.c
> index 897589507d97..c092b0c39d2b 100644
> --- a/tools/perf/util/ordered-events.c
> +++ b/tools/perf/util/ordered-events.c
> @@ -270,6 +270,8 @@ static int __ordered_events__flush(struct ordered_events *oe, enum oe_flush how,
> "FINAL",
> "ROUND",
> "HALF ",
> + "TOP",
> + "TIME",
> };
> int err;
> bool show_progress = false;
Humm, this was fixed already by:
commit 1e5b0cf8672e622257df024074e6e09bfbcb7750
Author: Changbin Du <changbin.du@...il.com>
Date: Sat Mar 16 16:05:52 2019 +0800
perf top: Fix global-buffer-overflow issue
The array str[] should have six elements.
=================================================================
==4322==ERROR: AddressSanitizer: global-buffer-overflow on address 0x56463844e300 at pc 0x564637e7ad0d bp 0x7f30c8c89d10 sp 0x7f30c8c89d00
READ of size 8 at 0x56463844e300 thread T9
#0 0x564637e7ad0c in __ordered_events__flush util/ordered-events.c:316
#1 0x564637e7b0e4 in ordered_events__flush util/ordered-events.c:338
#2 0x564637c6a57d in process_thread /home/changbin/work/linux/tools/perf/builtin-top.c:1073
#3 0x7f30d173a163 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8163)
#4 0x7f30cfffbdee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11adee)
Powered by blists - more mailing lists