* [PATCH] Prevent normalize() from reading into undefined memory @ 2022-12-04 10:58 Sohom Datta 2023-01-08 14:12 ` Jiri Olsa 0 siblings, 1 reply; 3+ messages in thread From: Sohom Datta @ 2022-12-04 10:58 UTC (permalink / raw) To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Mark Rutland, Alexander Shishkin, Jiri Olsa, Namhyung Kim Cc: Sohom Datta, linux-perf-users, linux-kernel The current implementation does not account for a trailing backslash followed by a null-byte. If a null-byte is encountered following a backslash, normalize() will continue reading (and potentially writing) into garbage memory ignoring the EOS null-byte. Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com> --- tools/perf/util/expr.l | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l index 0168a9637330..d47de5f270a8 100644 --- a/tools/perf/util/expr.l +++ b/tools/perf/util/expr.l @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime) char *dst = str; while (*str) { - if (*str == '\\') + if (*str == '\\') { *dst++ = *++str; + if (!*str) + break; + } else if (*str == '?') { char *paramval; int i = 0; -- 2.38.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
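Review bot: the closing brace added after the break is left on its own line ahead of the unchanged "else if (*str == '?') {", which splits the if/else chain; kernel coding style puts them on one line as "} else if (*str == '?') {". The new check also sits after "*dst++ = *++str;", so by the time "if (!*str) break;" runs the terminating NUL has already been copied and dst advanced past it. That ordering is what drops the trailing backslash and still leaves the output terminated, so a one-line comment saying so would stop a later cleanup from moving the check above the copy. A regression test with an expression that ends in a single backslash would pin the behaviour down. As the maintainer's reply notes, the subject is missing the "perf tools:" prefix.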
* Re: [PATCH] Prevent normalize() from reading into undefined memory 2022-12-04 10:58 [PATCH] Prevent normalize() from reading into undefined memory Sohom Datta @ 2023-01-08 14:12 ` Jiri Olsa [not found] ` <CAP-5=fUjto38BaJX+Uj-BUOc74vg5KqZFewVCuUTW81Q=PAXHA@mail.gmail.com> 0 siblings, 1 reply; 3+ messages in thread From: Jiri Olsa @ 2023-01-08 14:12 UTC (permalink / raw) To: Sohom Datta Cc: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Mark Rutland, Alexander Shishkin, Namhyung Kim, Sohom Datta, linux-perf-users, linux-kernel On Sun, Dec 04, 2022 at 04:28:35PM +0530, Sohom Datta wrote: > The current implementation does not account for a > trailing backslash followed by a null-byte. If a > null-byte is encountered following a backslash, > normalize() will continue reading (and potentially > writing) into garbage memory ignoring the EOS > null-byte. > > Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com> Acked-by: Jiri Olsa <jolsa@kernel.org> thanks, jirka > --- > tools/perf/util/expr.l | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l > index 0168a9637330..d47de5f270a8 100644 > --- a/tools/perf/util/expr.l > +++ b/tools/perf/util/expr.l > @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime) > char *dst = str; > > while (*str) { > - if (*str == '\\') > + if (*str == '\\') { > *dst++ = *++str; > + if (!*str) > + break; > + } > else if (*str == '?') { > char *paramval; > int i = 0; > -- > 2.38.1 > ^ permalink raw reply [flat|nested] 3+ messages in thread
[parent not found: <CAP-5=fUjto38BaJX+Uj-BUOc74vg5KqZFewVCuUTW81Q=PAXHA@mail.gmail.com>]
* Re: [PATCH] Prevent normalize() from reading into undefined memory [not found] ` <CAP-5=fUjto38BaJX+Uj-BUOc74vg5KqZFewVCuUTW81Q=PAXHA@mail.gmail.com> @ 2023-01-18 13:37 ` Arnaldo Carvalho de Melo 0 siblings, 0 replies; 3+ messages in thread From: Arnaldo Carvalho de Melo @ 2023-01-18 13:37 UTC (permalink / raw) To: Ian Rogers Cc: Jiri Olsa, Sohom Datta, Peter Zijlstra, Ingo Molnar, Mark Rutland, Alexander Shishkin, Namhyung Kim, Sohom Datta, linux-perf-users, LKML On Sun, Jan 08, 2023 at 04:55:59PM -0800, Ian Rogers wrote: > On Sun, Jan 8, 2023, 6:13 AM Jiri Olsa <olsajiri@gmail.com> wrote: > > > On Sun, Dec 04, 2022 at 04:28:35PM +0530, Sohom Datta wrote: > > > The current implementation does not account for a > > > trailing backslash followed by a null-byte. If a > > > null-byte is encountered following a backslash, > > > normalize() will continue reading (and potentially > > > writing) into garbage memory ignoring the EOS > > > null-byte. > > > > > > Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com> > > > > Acked-by: Jiri Olsa <jolsa@kernel.org> > > > > thanks, > > jirka > > > > Acked-by: Ian Rogers <irogers@google.com> Thanks, applied. Sorry for the delay, probably I didn't see the "perf tools: " prefix in the subject and this fell thru the cracks :-\ Thanks to Ingo for pinging me about this, appreciated. - Arnaldo > Thanks, > Ian > > > --- > > > tools/perf/util/expr.l | 5 ++++- > > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > > > diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l > > > index 0168a9637330..d47de5f270a8 100644 > > > --- a/tools/perf/util/expr.l > > > +++ b/tools/perf/util/expr.l 
> > > @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime) > > > char *dst = str; > > > > > > while (*str) { > > > - if (*str == '\\') > > > + if (*str == '\\') { > > > *dst++ = *++str; > > > + if (!*str) > > > + break; > > > + } > > > else if (*str == '?') { > > > char *paramval; > > > int i = 0; > > > -- > > > 2.38.1 > > > > > ^ permalink raw reply [flat|nested] 3+ messages in thread