| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZuGop61JahKH-UFi@x1>
Date: Wed, 11 Sep 2024 11:26:47 -0300
From: Arnaldo Carvalho de Melo <acme@...nel.org>
To: Ian Rogers <irogers@...gle.com>
Cc: Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>,
Namhyung Kim <namhyung@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...nel.org>,
Adrian Hunter <adrian.hunter@...el.com>,
Kan Liang <kan.liang@...ux.intel.com>,
John Garry <john.g.garry@...cle.com>, Will Deacon <will@...nel.org>,
James Clark <james.clark@...aro.org>,
Mike Leach <mike.leach@...aro.org>, Leo Yan <leo.yan@...ux.dev>,
Ravi Bangoria <ravi.bangoria@....com>,
Weilin Wang <weilin.wang@...el.com>,
Jing Zhang <renyu.zj@...ux.alibaba.com>,
Xu Yang <xu.yang_2@....com>, Sandipan Das <sandipan.das@....com>,
Benjamin Gray <bgray@...ux.ibm.com>,
Athira Jajeev <atrajeev@...ux.vnet.ibm.com>,
Howard Chu <howardchu95@...il.com>,
Dominique Martinet <asmadeus@...ewreck.org>,
Yang Jihong <yangjihong@...edance.com>,
Colin Ian King <colin.i.king@...il.com>,
Veronika Molnarova <vmolnaro@...hat.com>,
"Dr. David Alan Gilbert" <linux@...blig.org>,
Oliver Upton <oliver.upton@...ux.dev>,
Changbin Du <changbin.du@...wei.com>, Ze Gao <zegao2021@...il.com>,
Andi Kleen <ak@...ux.intel.com>,
Clément Le Goffic <clement.legoffic@...s.st.com>,
Sun Haiyong <sunhaiyong@...ngson.cn>,
Junhao He <hejunhao3@...wei.com>,
Tiezhu Yang <yangtiezhu@...ngson.cn>,
Yicong Yang <yangyicong@...ilicon.com>,
linux-kernel@...r.kernel.org, linux-perf-users@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v1 01/15] perf list: Avoid potential out of bounds memory
read
On Fri, Sep 06, 2024 at 10:08:16PM -0700, Ian Rogers wrote:
> If a desc string is 0 length then -1 will be out of bounds, add a
> check.
Cherry picked this one.
- Arnaldo
> Signed-off-by: Ian Rogers <irogers@...gle.com>
> ---
> tools/perf/builtin-list.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/perf/builtin-list.c b/tools/perf/builtin-list.c
> index 82cb4b1010aa..65b8cba324be 100644
> --- a/tools/perf/builtin-list.c
> +++ b/tools/perf/builtin-list.c
> @@ -173,7 +173,7 @@ static void default_print_event(void *ps, const char *pmu_name, const char *topi
> if (pmu_name && strcmp(pmu_name, "default_core")) {
> desc_len = strlen(desc);
> desc_len = asprintf(&desc_with_unit,
> - desc[desc_len - 1] != '.'
> + desc_len > 0 && desc[desc_len - 1] != '.'
> ? "%s. Unit: %s" : "%s Unit: %s",
> desc, pmu_name);
> }
> --
> 2.46.0.469.g59c65b2a67-goog
Powered by blists - more mailing lists