Re: [PATCH] kallsyms: Fix segfault in prefix_underscores_count().

From: Li Zefan
Date: Wed Sep 16 2009 - 02:30:19 EST


CC: Paulo Marques <pmarques@xxxxxxxxxxxx> (who reviewed that patch)

Paul Mundt wrote:
> [ I'm not sure who exactly this should go to, so I've attempted to get all of
> the interested parties in the Cc. ]
>
> This is a re-send of a problem that I reported on August 7th, both Sam and Lai
> have been unresponsive, so hopefully someone else can take a look at this.
>

Lai is out of the office and won't be back for 2 weeks, so I'm afraid
he won't be responsive.

> Commit b478b782e110fdb4135caa3062b6d687e989d994 "kallsyms, tracing:
> output more proper symbol name" introduces a "bugfix" that introduces
> a segfault in kallsyms in my configurations.
>
> The cause is the introduction of prefix_underscores_count() which
> attempts to count underscores, even in symbols that do not have them.
> As a result, it just uselessly runs past the end of the buffer until it
> crashes:
>

But the fix looks obviously correct, as long as @str is guaranteed
to be NULL-terminated.

...
> @@ -584,9 +538,14 @@ static int may_be_linker_script_provide_symbol(const struct sym_entry *se)
> static int prefix_underscores_count(const char *str)
> {
> const char *tail = str;
> + size_t len = strlen(str);
> +
> + while (*tail != '_') {
> + if (!len--)
> + return 0;
>
> - while (*tail != '_')
> tail++;
> + }

Can be simplified as:

	while (*tail != '\0' && *tail != '_')
		tail++;

But, as the name "prefix_underscores_count" suggests, shouldn't
it be:
	while (*tail == '_')
		tail++;
??

>
> return tail - str;
> }
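Review bot: the loop in prefix_underscores_count() still tests `*tail != '_'`, so it measures the distance to the first underscore rather than counting leading ones: for a name like `foo_bar` it returns 3, for `__foo` it returns 0, and with the new `if (!len--) return 0;` guard a name with no underscore at all also returns 0, which is indistinguishable from a name that starts with one. If the intent matches the function's name, `while (*tail == '_') tail++;` gives the leading count and is bounded without the extra strlen() pass, because the terminator can never compare equal to '_'.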
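Running the three loop variants discussed in this thread side by side, as an added example that is not code from the patch or from scripts/kallsyms.c (the unbounded original is left out because it reads past the end of the buffer on names without an underscore; the sample names are constructed):

```c
#include <stdio.h>
#include <string.h>

/* Added example, not code from the patch or scripts/kallsyms.c: three variants
 * of prefix_underscores_count() over constructed names. All take NUL-terminated
 * input; the original unbounded loop is left out since it reads past the end. */

/* Loop as posted in the hunk: walk to the first '_', bounded by strlen(). */
int count_patched(const char *str)
{
	const char *tail = str;
	size_t len = strlen(str);
	while (*tail != '_') {
		if (!len--)
			return 0;	/* no underscore anywhere: report 0 */
		tail++;
	}
	return tail - str;	/* offset of the first '_', not a count */
}

/* Li Zefan's shorter loop: stop at the terminator instead of counting down. */
int count_simplified(const char *str)
{
	const char *tail = str;
	while (*tail != '\0' && *tail != '_')
		tail++;
	return tail - str;	/* equals strlen(str) when no '_' is present */
}

/* What the name suggests: count only the leading underscores. */
int count_leading(const char *str)
{
	const char *tail = str;
	while (*tail == '_')	/* '\0' is never '_', so this is bounded too */
		tail++;
	return tail - str;
}

int main(void)
{
	const char *names[] = { "__foo", "foo_bar", "foobar", "" }; /* constructed */
	size_t i;
	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
		printf("\"%s\": patched=%d simplified=%d leading=%d\n", names[i],
		       count_patched(names[i]), count_simplified(names[i]),
		       count_leading(names[i]));
	return 0;
}
```

Note that the patched loop and the simplified one disagree on names without any underscore (0 versus the string length), so the simplification is not a behaviour-preserving rewrite.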