From: Wander Lairson Costa <wander@redhat.com>
To: Steven Rostedt <rostedt@goodmis.org>,
Tomas Glozar <tglozar@redhat.com>,
Wander Lairson Costa <wander@redhat.com>,
Ivan Pravdin <ipravdin.official@gmail.com>,
Crystal Wood <crwood@redhat.com>,
Costa Shulyupin <costa.shul@redhat.com>,
John Kacur <jkacur@redhat.com>,
Tiezhu Yang <yangtiezhu@loongson.cn>,
linux-trace-kernel@vger.kernel.org (open list:Real-time Linux
Analysis (RTLA) tools),
linux-kernel@vger.kernel.org (open list:Real-time Linux Analysis
(RTLA) tools),
bpf@vger.kernel.org (open list:BPF
[MISC]:Keyword:(?:\b|_)bpf(?:\b|_))
Subject: [PATCH v2 12/18] rtla: Fix NULL pointer dereference in actions_parse
Date: Tue, 6 Jan 2026 08:49:48 -0300 [thread overview]
Message-ID: <20260106133655.249887-13-wander@redhat.com> (raw)
In-Reply-To: <20260106133655.249887-1-wander@redhat.com>
The actions_parse() function uses strtok() to tokenize the trigger
string, but does not check if the returned token is NULL before
passing it to strcmp(). If the trigger parameter is an empty string
or contains only delimiter characters, strtok() returns NULL, causing
strcmp() to dereference a NULL pointer and crash the program.
This issue can be triggered by malformed user input or edge cases in
trigger string parsing. Add a NULL check immediately after the strtok()
call to validate that a token was successfully extracted before using
it. If no token is found, the function now returns -1 to indicate a
parsing error.
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
---
tools/tracing/rtla/src/actions.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/tracing/rtla/src/actions.c b/tools/tracing/rtla/src/actions.c
index 00bbc94dec1bd..b0d68b5de08db 100644
--- a/tools/tracing/rtla/src/actions.c
+++ b/tools/tracing/rtla/src/actions.c
@@ -153,6 +153,8 @@ actions_parse(struct actions *self, const char *trigger, const char *tracefn)
strcpy(trigger_c, trigger);
token = strtok(trigger_c, ",");
+ if (!token)
+ return -1;
if (strcmp(token, "trace") == 0)
type = ACTION_TRACE_OUTPUT;
--
2.52.0
next prev parent reply other threads:[~2026-01-06 13:45 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-06 11:49 [PATCH v2 00/18] rtla: Code quality and robustness improvements Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 01/18] rtla: Exit on memory allocation failures during initialization Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 02/18] rtla: Use strdup() to simplify code Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 03/18] rtla: Introduce for_each_action() helper Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 04/18] rtla: Replace atoi() with a robust strtoi() Wander Lairson Costa
2026-01-12 12:27 ` Costa Shulyupin
2026-01-12 12:39 ` Tomas Glozar
2026-01-06 11:49 ` [PATCH v2 05/18] rtla: Simplify argument parsing Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 06/18] rtla: Use strncmp_static() in more places Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 07/18] rtla: Introduce common_restart() helper Wander Lairson Costa
2026-01-07 12:03 ` Tomas Glozar
2026-01-07 12:43 ` Wander Lairson Costa
2026-01-07 13:47 ` Tomas Glozar
2026-01-07 13:50 ` Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 08/18] rtla: Use standard exit codes for result enum Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 09/18] rtla: Remove redundant memset after calloc Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 10/18] rtla: Replace magic number with MAX_PATH Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 11/18] rtla: Remove unused headers Wander Lairson Costa
2026-01-06 11:49 ` Wander Lairson Costa [this message]
2026-01-06 11:49 ` [PATCH v2 13/18] rtla: Fix buffer size for strncpy in timerlat_aa Wander Lairson Costa
2026-01-06 16:03 ` Steven Rostedt
2026-01-07 13:20 ` Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 14/18] rtla: Add generated output files to gitignore Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 15/18] rtla: Make stop_tracing variable volatile Wander Lairson Costa
2026-01-06 16:05 ` Steven Rostedt
2026-01-06 17:47 ` Crystal Wood
2026-01-07 13:24 ` Wander Lairson Costa
2026-01-07 16:31 ` Steven Rostedt
2026-01-06 11:49 ` [PATCH v2 16/18] rtla: Ensure null termination after read operations in utils.c Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 17/18] rtla: Fix parse_cpu_set() return value documentation Wander Lairson Costa
2026-01-06 11:49 ` [PATCH v2 18/18] rtla: Simplify code by caching string lengths Wander Lairson Costa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260106133655.249887-13-wander@redhat.com \
--to=wander@redhat.com \
--cc=bpf@vger.kernel.org \
--cc=costa.shul@redhat.com \
--cc=crwood@redhat.com \
--cc=ipravdin.official@gmail.com \
--cc=jkacur@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=tglozar@redhat.com \
--cc=yangtiezhu@loongson.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox