* [PATCH] Prevent normalize() from reading into undefined memory @ 2022-12-04 10:58 Sohom Datta 2023-01-08 14:12 ` Jiri Olsa 0 siblings, 1 reply; 3+ messages in thread From: Sohom Datta @ 2022-12-04 10:58 UTC (permalink / raw) To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Mark Rutland, Alexander Shishkin, Jiri Olsa, Namhyung Kim Cc: Sohom Datta, linux-perf-users, linux-kernel The current implementation does not account for a trailing backslash followed by a null-byte. If a null-byte is encountered following a backslash, normalize() will continue reading (and potentially writing) into garbage memory ignoring the EOS null-byte. Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com> --- tools/perf/util/expr.l | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l index 0168a9637330..d47de5f270a8 100644 --- a/tools/perf/util/expr.l +++ b/tools/perf/util/expr.l @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime) char *dst = str; while (*str) { - if (*str == '\\') + if (*str == '\\') { *dst++ = *++str; + if (!*str) + break; + } else if (*str == '?') { char *paramval; int i = 0; -- 2.38.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
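Review bot: In the new backslash branch the end-of-string test `if (!*str) break;` sits after `*dst++ = *++str;`, so by the time it runs the terminating NUL has already been copied to the destination and `dst` has advanced one past it. That does stop the walk beyond the terminator, but the hunk alone does not show whether leaving `dst` past the copied NUL is intended. Consider testing the byte after the backslash before the copy, or add a one-line comment saying the NUL is copied on purpose. On style, now that the `if` has braces the next branch should read `} else if (*str == '?') {` on one line instead of a lone `}` followed by `else if`. A test expression ending in a single backslash would keep this from regressing.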
* Re: [PATCH] Prevent normalize() from reading into undefined memory 2022-12-04 10:58 [PATCH] Prevent normalize() from reading into undefined memory Sohom Datta @ 2023-01-08 14:12 ` Jiri Olsa [not found] ` <CAP-5=fUjto38BaJX+Uj-BUOc74vg5KqZFewVCuUTW81Q=PAXHA@mail.gmail.com> 0 siblings, 1 reply; 3+ messages in thread From: Jiri Olsa @ 2023-01-08 14:12 UTC (permalink / raw) To: Sohom Datta Cc: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Mark Rutland, Alexander Shishkin, Namhyung Kim, Sohom Datta, linux-perf-users, linux-kernel On Sun, Dec 04, 2022 at 04:28:35PM +0530, Sohom Datta wrote: > The current implementation does not account for a > trailing backslash followed by a null-byte. If a > null-byte is encountered following a backslash, > normalize() will continue reading (and potentially > writing) into garbage memory ignoring the EOS > null-byte. > > Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com> Acked-by: Jiri Olsa <jolsa@kernel.org> thanks, jirka > --- > tools/perf/util/expr.l | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l > index 0168a9637330..d47de5f270a8 100644 > --- a/tools/perf/util/expr.l > +++ b/tools/perf/util/expr.l > @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime) > char *dst = str; > > while (*str) { > - if (*str == '\\') > + if (*str == '\\') { > *dst++ = *++str; > + if (!*str) > + break; > + } > else if (*str == '?') { > char *paramval; > int i = 0; > -- > 2.38.1 > ^ permalink raw reply [flat|nested] 3+ messages in thread
[parent not found: <CAP-5=fUjto38BaJX+Uj-BUOc74vg5KqZFewVCuUTW81Q=PAXHA@mail.gmail.com>]
* Re: [PATCH] Prevent normalize() from reading into undefined memory [not found] ` <CAP-5=fUjto38BaJX+Uj-BUOc74vg5KqZFewVCuUTW81Q=PAXHA@mail.gmail.com> @ 2023-01-18 13:37 ` Arnaldo Carvalho de Melo 0 siblings, 0 replies; 3+ messages in thread From: Arnaldo Carvalho de Melo @ 2023-01-18 13:37 UTC (permalink / raw) To: Ian Rogers Cc: Jiri Olsa, Sohom Datta, Peter Zijlstra, Ingo Molnar, Mark Rutland, Alexander Shishkin, Namhyung Kim, Sohom Datta, linux-perf-users, LKML On Sun, Jan 08, 2023 at 04:55:59PM -0800, Ian Rogers wrote: > On Sun, Jan 8, 2023, 6:13 AM Jiri Olsa <olsajiri@gmail.com> wrote: > > > On Sun, Dec 04, 2022 at 04:28:35PM +0530, Sohom Datta wrote: > > > The current implementation does not account for a > > > trailing backslash followed by a null-byte. If a > > > null-byte is encountered following a backslash, > > > normalize() will continue reading (and potentially > > > writing) into garbage memory ignoring the EOS > > > null-byte. > > > > > > Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com> > > > > Acked-by: Jiri Olsa <jolsa@kernel.org> > > > > thanks, > > jirka > > > > Acked-by: Ian Rogers <irogers@google.com> Thanks, applied. Sorry for the delay, probably I didn't see the "perf tools: " prefix in the subject and this fell thru the cracks :-\ Thanks to Ingo for pinging me about this, appreciated. - Arnaldo > Thanks, > Ian > > > --- > > > tools/perf/util/expr.l | 5 ++++- > > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > > > diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l > > > index 0168a9637330..d47de5f270a8 100644 > > > --- a/tools/perf/util/expr.l > > > +++ b/tools/perf/util/expr.l 
> > > @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime) > > > char *dst = str; > > > > > > while (*str) { > > > - if (*str == '\\') > > > + if (*str == '\\') { > > > *dst++ = *++str; > > > + if (!*str) > > > + break; > > > + } > > > else if (*str == '?') { > > > char *paramval; > > > int i = 0; > > > -- > > > 2.38.1 > > > > > ^ permalink raw reply [flat|nested] 3+ messages in thread