| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Oct 2019 20:29:08 +0100
From: Jiri Olsa <jolsa@...hat.com>
To: Ian Rogers <irogers@...gle.com>
Cc: Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Namhyung Kim <namhyung@...nel.org>,
Jin Yao <yao.jin@...ux.intel.com>,
Song Liu <songliubraving@...com>, linux-kernel@...r.kernel.org,
Stephane Eranian <eranian@...gle.com>
Subject: Re: [PATCH] perf annotate: fix heap overflow
On Fri, Oct 25, 2019 at 08:56:44PM -0700, Ian Rogers wrote:
> Fix expand_tabs that copies the source lines '\0' and then appends
> another '\0' at a potentially out of bounds address.
not sure it could get out of bounds, but i think
the change is right, it matches the memcpy before
and I dont see reason to add +1
Acked-by: Jiri Olsa <jolsa@...nel.org>
thanks,
jirka
>
> Signed-off-by: Ian Rogers <irogers@...gle.com>
> ---
> tools/perf/util/annotate.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
> index ef1866a902c4..bee0fee122f8 100644
> --- a/tools/perf/util/annotate.c
> +++ b/tools/perf/util/annotate.c
> @@ -1892,7 +1892,7 @@ static char *expand_tabs(char *line, char **storage, size_t *storage_len)
> }
>
> /* Expand the last region. */
> - len = line_len + 1 - src;
> + len = line_len - src;
> memcpy(&new_line[dst], &line[src], len);
> dst += len;
> new_line[dst] = '\0';
> --
> 2.24.0.rc0.303.g954a862665-goog
>
Powered by blists - more mailing lists