[PATCH] Prevent normalize() from reading into undefined memory

linux-perf-users.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] Prevent normalize() from reading into undefined memory
@ 2022-12-04 10:58 Sohom Datta
  2023-01-08 14:12 ` Jiri Olsa
  0 siblings, 1 reply; 3+ messages in thread
From: Sohom Datta @ 2022-12-04 10:58 UTC (permalink / raw)
  To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
	Mark Rutland, Alexander Shishkin, Jiri Olsa, Namhyung Kim
  Cc: Sohom Datta, linux-perf-users, linux-kernel

The current implementation does not account for a
trailing backslash followed by a null-byte. If a
null-byte is encountered following a backslash,
normalize() will continue reading (and potentially
writing) into garbage memory ignoring the EOS
null-byte.

Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com>
---
 tools/perf/util/expr.l | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l
index 0168a9637330..d47de5f270a8 100644
--- a/tools/perf/util/expr.l
+++ b/tools/perf/util/expr.l
@@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime)
 	char *dst = str;
 
 	while (*str) {
-		if (*str == '\\')
+		if (*str == '\\') {
 			*dst++ = *++str;
+			if (!*str)
+				break;
+		}
 		else if (*str == '?') {
 			char *paramval;
 			int i = 0;
-- 
2.38.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] Prevent normalize() from reading into undefined memory
  2022-12-04 10:58 [PATCH] Prevent normalize() from reading into undefined memory Sohom Datta
@ 2023-01-08 14:12 ` Jiri Olsa
       [not found]   ` <CAP-5=fUjto38BaJX+Uj-BUOc74vg5KqZFewVCuUTW81Q=PAXHA@mail.gmail.com>
  0 siblings, 1 reply; 3+ messages in thread
From: Jiri Olsa @ 2023-01-08 14:12 UTC (permalink / raw)
  To: Sohom Datta
  Cc: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
	Mark Rutland, Alexander Shishkin, Namhyung Kim, Sohom Datta,
	linux-perf-users, linux-kernel

On Sun, Dec 04, 2022 at 04:28:35PM +0530, Sohom Datta wrote:
> The current implementation does not account for a
> trailing backslash followed by a null-byte. If a
> null-byte is encountered following a backslash,
> normalize() will continue reading (and potentially
> writing) into garbage memory ignoring the EOS
> null-byte.
> 
> Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com>

Acked-by: Jiri Olsa <jolsa@kernel.org>

thanks,
jirka

> ---
>  tools/perf/util/expr.l | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l
> index 0168a9637330..d47de5f270a8 100644
> --- a/tools/perf/util/expr.l
> +++ b/tools/perf/util/expr.l
> @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime)
>  	char *dst = str;
>  
>  	while (*str) {
> -		if (*str == '\\')
> +		if (*str == '\\') {
>  			*dst++ = *++str;
> +			if (!*str)
> +				break;
> +		}
>  		else if (*str == '?') {
>  			char *paramval;
>  			int i = 0;
> -- 
> 2.38.1
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] Prevent normalize() from reading into undefined memory
       [not found]   ` <CAP-5=fUjto38BaJX+Uj-BUOc74vg5KqZFewVCuUTW81Q=PAXHA@mail.gmail.com>
@ 2023-01-18 13:37     ` Arnaldo Carvalho de Melo
  0 siblings, 0 replies; 3+ messages in thread
From: Arnaldo Carvalho de Melo @ 2023-01-18 13:37 UTC (permalink / raw)
  To: Ian Rogers
  Cc: Jiri Olsa, Sohom Datta, Peter Zijlstra, Ingo Molnar, Mark Rutland,
	Alexander Shishkin, Namhyung Kim, Sohom Datta, linux-perf-users,
	LKML

Em Sun, Jan 08, 2023 at 04:55:59PM -0800, Ian Rogers escreveu:
> On Sun, Jan 8, 2023, 6:13 AM Jiri Olsa <olsajiri@gmail.com> wrote:
> 
> > On Sun, Dec 04, 2022 at 04:28:35PM +0530, Sohom Datta wrote:
> > > The current implementation does not account for a
> > > trailing backslash followed by a null-byte. If a
> > > null-byte is encountered following a backslash,
> > > normalize() will continue reading (and potentially
> > > writing) into garbage memory ignoring the EOS
> > > null-byte.
> > >
> > > Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com>
> >
> > Acked-by: Jiri Olsa <jolsa@kernel.org>
> >
> > thanks,
> > jirka
> >
> 
> Acked-by: Ian Rogers <irogers@google.com>

Thanks, applied. Sorry for the delay, probably I didn't saw the "perf
tools: ' prefix in the subject and this fell thru the cracks :-\

Thanks to Ingo for pinging me about this, appreciated.

- Arnaldo
 
> Thanks,
> Ian
> 
> > ---
> > >  tools/perf/util/expr.l | 5 ++++-
> > >  1 file changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l
> > > index 0168a9637330..d47de5f270a8 100644
> > > --- a/tools/perf/util/expr.l
> > > +++ b/tools/perf/util/expr.l
> > > @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime)
> > >       char *dst = str;
> > >
> > >       while (*str) {
> > > -             if (*str == '\\')
> > > +             if (*str == '\\') {
> > >                       *dst++ = *++str;
> > > +                     if (!*str)
> > > +                             break;
> > > +             }
> > >               else if (*str == '?') {
> > >                       char *paramval;
> > >                       int i = 0;
> > > --
> > > 2.38.1
> > >
> >

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2023-01-18 14:03 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-12-04 10:58 [PATCH] Prevent normalize() from reading into undefined memory Sohom Datta
2023-01-08 14:12 ` Jiri Olsa
     [not found]   ` <CAP-5=fUjto38BaJX+Uj-BUOc74vg5KqZFewVCuUTW81Q=PAXHA@mail.gmail.com>
2023-01-18 13:37     ` Arnaldo Carvalho de Melo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).