| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAP4=nvTfYc5YmzYAoNEw7z4sjFEf3ANa7eFMXfmvp6kGxtS63Q@mail.gmail.com> Date: Thu, 28 Aug 2025 14:17:17 +0200 From: Tomas Glozar <tglozar@...hat.com> To: Ivan Pravdin <ipravdin.official@...il.com> Cc: rostedt@...dmis.org, corbet@....net, linux-trace-kernel@...r.kernel.org, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2 1/3] rtla: fix buffer overflow in actions_parse Ășt 12. 8. 2025 v 19:21 odesĂlatel Ivan Pravdin <ipravdin.official@...il.com> napsal: > > Currently, tests 3 and 13-22 in tests/timerlat.t fail with error: > > *** buffer overflow detected ***: terminated > timeout: the monitored command dumped core > > The result of running `sudo make check` is > > tests/timerlat.t (Wstat: 0 Tests: 22 Failed: 11) > Failed tests: 3, 13-22 > Files=3, Tests=34, 140 wallclock secs ( 0.07 usr 0.01 sys + 27.63 cusr > 27.96 csys = 55.67 CPU) > Result: FAIL > Interestingly, I don't get this failure on my machine. Maybe due to some compiler difference, the buffer overflow is not caught. Thank you for the fix. Since the "signal" field is next to the buffer, and is written after the strcpy, this might corrupt the PID number reading for a command like: $ rtla timerlat hist -D --on-threshold signal,num=2,pid=42 Reviewed-by: Tomas Glozar <tglozar@...hat.com> Tomas
Powered by blists - more mailing lists