From: Steven Rostedt <rostedt@goodmis.org>
To: Wander Lairson Costa <wander@redhat.com>
Cc: Tomas Glozar <tglozar@redhat.com>,
Crystal Wood <crwood@redhat.com>,
Ivan Pravdin <ipravdin.official@gmail.com>,
Costa Shulyupin <costa.shul@redhat.com>,
John Kacur <jkacur@redhat.com>,
Tiezhu Yang <yangtiezhu@loongson.cn>,
linux-trace-kernel@vger.kernel.org (open list:Real-time Linux
Analysis (RTLA) tools),
linux-kernel@vger.kernel.org (open list:Real-time Linux Analysis
(RTLA) tools),
bpf@vger.kernel.org (open list:BPF
[MISC]:Keyword:(?:\b|_)bpf(?:\b|_))
Subject: Re: [PATCH v2 13/18] rtla: Fix buffer size for strncpy in timerlat_aa
Date: Tue, 6 Jan 2026 11:03:32 -0500 [thread overview]
Message-ID: <20260106110332.4b46ed80@gandalf.local.home> (raw)
In-Reply-To: <20260106133655.249887-14-wander@redhat.com>
On Tue, 6 Jan 2026 08:49:49 -0300
Wander Lairson Costa <wander@redhat.com> wrote:
> The run_thread_comm and current_comm character arrays in struct
> timerlat_aa_data are defined with size MAX_COMM (24 bytes), but
> strncpy() is called with MAX_COMM as the size parameter. If the
> source string is exactly MAX_COMM bytes or longer, strncpy() will
> copy exactly MAX_COMM bytes without null termination, potentially
> causing buffer overruns when these strings are later used.
We should implement something like the kernel has of "strscpy()" which not
only truncates but also adds a null terminating byte.
>
> Increase the buffer sizes to MAX_COMM+1 to ensure there is always
> room for the null terminator. This guarantees that even when strncpy()
> copies the maximum number of characters, the buffer remains properly
> null-terminated and safe to use in subsequent string operations.
>
> Signed-off-by: Wander Lairson Costa <wander@redhat.com>
> ---
> tools/tracing/rtla/src/timerlat_aa.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/tools/tracing/rtla/src/timerlat_aa.c b/tools/tracing/rtla/src/timerlat_aa.c
> index 31e66ea2b144c..d310fe65abace 100644
> --- a/tools/tracing/rtla/src/timerlat_aa.c
> +++ b/tools/tracing/rtla/src/timerlat_aa.c
> @@ -47,7 +47,7 @@ struct timerlat_aa_data {
> * note: "unsigned long long" because they are fetch using tep_get_field_val();
> */
> unsigned long long run_thread_pid;
> - char run_thread_comm[MAX_COMM];
> + char run_thread_comm[MAX_COMM+1];
The reason why I suggest strscpy() is because now you just made every this
unaligned in the struct. 24 bytes fits nicely as 3 8 byte words. Now by
adding another byte, you just added 7 bytes of useless padding between this
and the next field.
-- Steve
> unsigned long long thread_blocking_duration;
> unsigned long long max_exit_idle_latency;
>
> @@ -88,7 +88,7 @@ struct timerlat_aa_data {
> /*
> * Current thread.
> */
> - char current_comm[MAX_COMM];
> + char current_comm[MAX_COMM+1];
> unsigned long long current_pid;
>
> /*
next prev parent reply other threads:[~2026-01-06 16:03 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-06 11:49 [PATCH v2 00/18] rtla: Code quality and robustness improvements Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 01/18] rtla: Exit on memory allocation failures during initialization Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 02/18] rtla: Use strdup() to simplify code Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 03/18] rtla: Introduce for_each_action() helper Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 04/18] rtla: Replace atoi() with a robust strtoi() Wander Lairson Costa
2026-01-12 12:27 ` Costa Shulyupin
2026-01-12 12:39 ` Tomas Glozar
2026-01-06 11:49 ` [PATCH v2 05/18] rtla: Simplify argument parsing Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 06/18] rtla: Use strncmp_static() in more places Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 07/18] rtla: Introduce common_restart() helper Wander Lairson Costa
2026-01-07 12:03 ` Tomas Glozar
2026-01-07 12:43 ` Wander Lairson Costa
2026-01-07 13:47 ` Tomas Glozar
2026-01-07 13:50 ` Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 08/18] rtla: Use standard exit codes for result enum Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 09/18] rtla: Remove redundant memset after calloc Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 10/18] rtla: Replace magic number with MAX_PATH Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 11/18] rtla: Remove unused headers Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 12/18] rtla: Fix NULL pointer dereference in actions_parse Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 13/18] rtla: Fix buffer size for strncpy in timerlat_aa Wander Lairson Costa
2026-01-06 16:03 ` Steven Rostedt [this message]
2026-01-07 13:20 ` Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 14/18] rtla: Add generated output files to gitignore Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 15/18] rtla: Make stop_tracing variable volatile Wander Lairson Costa
2026-01-06 16:05 ` Steven Rostedt
2026-01-06 17:47 ` Crystal Wood
2026-01-07 13:24 ` Wander Lairson Costa
2026-01-07 16:31 ` Steven Rostedt
2026-01-06 11:49 ` [PATCH v2 16/18] rtla: Ensure null termination after read operations in utils.c Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 17/18] rtla: Fix parse_cpu_set() return value documentation Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 18/18] rtla: Simplify code by caching string lengths Wander Lairson Costa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260106110332.4b46ed80@gandalf.local.home \
--to=rostedt@goodmis.org \
--cc=bpf@vger.kernel.org \
--cc=costa.shul@redhat.com \
--cc=crwood@redhat.com \
--cc=ipravdin.official@gmail.com \
--cc=jkacur@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=tglozar@redhat.com \
--cc=wander@redhat.com \
--cc=yangtiezhu@loongson.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox