* [PATCH] Prevent normalize() from reading into undefined memory
From: Sohom Datta @ 2022-12-04 10:58 UTC
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
Mark Rutland, Alexander Shishkin, Jiri Olsa, Namhyung Kim
Cc: Sohom Datta, linux-perf-users, linux-kernel
The current implementation does not account for a
trailing backslash followed by a null-byte. If a
null-byte is encountered following a backslash,
normalize() will continue reading (and potentially
writing) into garbage memory ignoring the EOS
null-byte.
Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com>
---
tools/perf/util/expr.l | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l
index 0168a9637330..d47de5f270a8 100644
--- a/tools/perf/util/expr.l
+++ b/tools/perf/util/expr.l
@@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime)
char *dst = str;
while (*str) {
- if (*str == '\\')
+ if (*str == '\\') {
*dst++ = *++str;
+ if (!*str)
+ break;
+ }
else if (*str == '?') {
char *paramval;
int i = 0;
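Review bot: The added `if (!*str) break;` runs after `*dst++ = *++str;`, so on a trailing backslash the terminator has already been copied and dst advanced one past it by the time the loop exits. Testing the next byte before the copy (for example checking `str[1]` at the top of the backslash branch and breaking there) would stop the loop without moving dst past the end of the output. A one-line comment saying the break handles a backslash at end of string would also help, since the reason is only in the commit message.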
--
2.38.1
* Re: [PATCH] Prevent normalize() from reading into undefined memory
From: Jiri Olsa @ 2023-01-08 14:12 UTC
To: Sohom Datta
Cc: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
Mark Rutland, Alexander Shishkin, Namhyung Kim, Sohom Datta,
linux-perf-users, linux-kernel
On Sun, Dec 04, 2022 at 04:28:35PM +0530, Sohom Datta wrote:
> The current implementation does not account for a
> trailing backslash followed by a null-byte. If a
> null-byte is encountered following a backslash,
> normalize() will continue reading (and potentially
> writing) into garbage memory ignoring the EOS
> null-byte.
>
> Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
thanks,
jirka
> ---
> tools/perf/util/expr.l | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l
> index 0168a9637330..d47de5f270a8 100644
> --- a/tools/perf/util/expr.l
> +++ b/tools/perf/util/expr.l
> @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime)
> char *dst = str;
>
> while (*str) {
> - if (*str == '\\')
> + if (*str == '\\') {
> *dst++ = *++str;
> + if (!*str)
> + break;
> + }
> else if (*str == '?') {
> char *paramval;
> int i = 0;
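Review bot: Brace placement in the added lines needs a fix: the closing `}` of the backslash branch sits on its own line and `else if (*str == '?') {` starts the next one. Kernel coding style joins them as `} else if (*str == '?') {`, which also keeps the now-braced first branch consistent with the rest of the chain.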
> --
> 2.38.1
>
* Re: [PATCH] Prevent normalize() from reading into undefined memory
From: Arnaldo Carvalho de Melo @ 2023-01-18 13:37 UTC
To: Ian Rogers
Cc: Jiri Olsa, Sohom Datta, Peter Zijlstra, Ingo Molnar, Mark Rutland,
Alexander Shishkin, Namhyung Kim, Sohom Datta, linux-perf-users,
LKML
On Sun, Jan 08, 2023 at 04:55:59PM -0800, Ian Rogers wrote:
> On Sun, Jan 8, 2023, 6:13 AM Jiri Olsa <olsajiri@gmail.com> wrote:
>
> > On Sun, Dec 04, 2022 at 04:28:35PM +0530, Sohom Datta wrote:
> > > The current implementation does not account for a
> > > trailing backslash followed by a null-byte. If a
> > > null-byte is encountered following a backslash,
> > > normalize() will continue reading (and potentially
> > > writing) into garbage memory ignoring the EOS
> > > null-byte.
> > >
> > > Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com>
> >
> > Acked-by: Jiri Olsa <jolsa@kernel.org>
> >
> > thanks,
> > jirka
> >
>
> Acked-by: Ian Rogers <irogers@google.com>
Thanks, applied. Sorry for the delay, probably I didn't see the "perf
tools:" prefix in the subject and this fell thru the cracks :-\
Thanks to Ingo for pinging me about this, appreciated.
- Arnaldo
> Thanks,
> Ian
>
> > ---
> > > tools/perf/util/expr.l | 5 ++++-
> > > 1 file changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l
> > > index 0168a9637330..d47de5f270a8 100644
> > > --- a/tools/perf/util/expr.l
> > > +++ b/tools/perf/util/expr.l
> > > @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime)
> > > char *dst = str;
> > >
> > > while (*str) {
> > > - if (*str == '\\')
> > > + if (*str == '\\') {
> > > *dst++ = *++str;
> > > + if (!*str)
> > > + break;
> > > + }
> > > else if (*str == '?') {
> > > char *paramval;
> > > int i = 0;
> > > --
> > > 2.38.1
> > >
> >