lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZuGop61JahKH-UFi@x1>
Date: Wed, 11 Sep 2024 11:26:47 -0300
From: Arnaldo Carvalho de Melo <acme@...nel.org>
To: Ian Rogers <irogers@...gle.com>
Cc: Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>,
	Namhyung Kim <namhyung@...nel.org>,
	Mark Rutland <mark.rutland@....com>,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	Jiri Olsa <jolsa@...nel.org>,
	Adrian Hunter <adrian.hunter@...el.com>,
	Kan Liang <kan.liang@...ux.intel.com>,
	John Garry <john.g.garry@...cle.com>, Will Deacon <will@...nel.org>,
	James Clark <james.clark@...aro.org>,
	Mike Leach <mike.leach@...aro.org>, Leo Yan <leo.yan@...ux.dev>,
	Ravi Bangoria <ravi.bangoria@....com>,
	Weilin Wang <weilin.wang@...el.com>,
	Jing Zhang <renyu.zj@...ux.alibaba.com>,
	Xu Yang <xu.yang_2@....com>, Sandipan Das <sandipan.das@....com>,
	Benjamin Gray <bgray@...ux.ibm.com>,
	Athira Jajeev <atrajeev@...ux.vnet.ibm.com>,
	Howard Chu <howardchu95@...il.com>,
	Dominique Martinet <asmadeus@...ewreck.org>,
	Yang Jihong <yangjihong@...edance.com>,
	Colin Ian King <colin.i.king@...il.com>,
	Veronika Molnarova <vmolnaro@...hat.com>,
	"Dr. David Alan Gilbert" <linux@...blig.org>,
	Oliver Upton <oliver.upton@...ux.dev>,
	Changbin Du <changbin.du@...wei.com>, Ze Gao <zegao2021@...il.com>,
	Andi Kleen <ak@...ux.intel.com>,
	Clément Le Goffic <clement.legoffic@...s.st.com>,
	Sun Haiyong <sunhaiyong@...ngson.cn>,
	Junhao He <hejunhao3@...wei.com>,
	Tiezhu Yang <yangtiezhu@...ngson.cn>,
	Yicong Yang <yangyicong@...ilicon.com>,
	linux-kernel@...r.kernel.org, linux-perf-users@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org
Subject: Re: [PATCH v1 01/15] perf list: Avoid potential out of bounds memory
 read

On Fri, Sep 06, 2024 at 10:08:16PM -0700, Ian Rogers wrote:
> If a desc string is 0 length then -1 will be out of bounds, add a
> check.

Cherry picked this one.

- Arnaldo
 
> Signed-off-by: Ian Rogers <irogers@...gle.com>
> ---
>  tools/perf/builtin-list.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/perf/builtin-list.c b/tools/perf/builtin-list.c
> index 82cb4b1010aa..65b8cba324be 100644
> --- a/tools/perf/builtin-list.c
> +++ b/tools/perf/builtin-list.c
> @@ -173,7 +173,7 @@ static void default_print_event(void *ps, const char *pmu_name, const char *topi
>  		if (pmu_name && strcmp(pmu_name, "default_core")) {
>  			desc_len = strlen(desc);
>  			desc_len = asprintf(&desc_with_unit,
> -					    desc[desc_len - 1] != '.'
> +					    desc_len > 0 && desc[desc_len - 1] != '.'
>  					      ? "%s. Unit: %s" : "%s Unit: %s",
>  					    desc, pmu_name);
>  		}
> -- 
> 2.46.0.469.g59c65b2a67-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ