From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754397AbcDTNXK (ORCPT ); Wed, 20 Apr 2016 09:23:10 -0400 Received: from mail.kernel.org ([198.145.29.136]:33485 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750938AbcDTNXI (ORCPT ); Wed, 20 Apr 2016 09:23:08 -0400 Date: Wed, 20 Apr 2016 10:23:04 -0300 From: Arnaldo Carvalho de Melo To: Adrian Hunter Cc: Andrey Ryabinin , Ingo Molnar , Peter Zijlstra , Alexander Shishkin , linux-kernel@vger.kernel.org Subject: Re: [PATCH] perf buildid: fix off-by-one in write_buildid() Message-ID: <20160420132304.GN3677@kernel.org> References: <1461053847-5633-1-git-send-email-aryabinin@virtuozzo.com> <20160419134056.GC3677@kernel.org> <571777C6.9040809@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <571777C6.9040809@intel.com> X-Url: http://acmel.wordpress.com User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Em Wed, Apr 20, 2016 at 03:36:22PM +0300, Adrian Hunter escreveu: > On 19/04/16 16:40, Arnaldo Carvalho de Melo wrote: > > Em Tue, Apr 19, 2016 at 11:17:27AM +0300, Andrey Ryabinin escreveu: > >> write_buildid() increments 'name_len' with intention to take into account > >> trailing zero byte. However, 'name_len' was already incremented in > >> machine__write_buildid_table() before. > >> So this leads to out-of-bounds read in do_write(): > > > > Adrian, can you please take a look at the db-export improvements made in > > this series? It'd be good to have your ack for those, > > You mean the patches from Chris Phlipot - yes I'll look at them. Yeah, thanks, - Arnaldo