Re: [PATCH] scripts/kallsyms: fix memory corruption caused by write over-run

From: Masahiro Yamada
Date: Tue Feb 11 2020 - 09:47:33 EST

Next message: Ludovic BARRE: "Re: [PATCH V2 0/9] mmc: mmci: sdmmc: add sdr104 support"
Previous message: Jiri Olsa: "Re: [PATCH RFC 3/7] perf jevents: Add support for a system events PMU"
In reply to: Justin Capella: "Re: [PATCH] scripts/kallsyms: fix memory corruption caused by write over-run"
Next in thread: Masahiro Yamada: "Re: [PATCH] scripts/kallsyms: fix memory corruption caused by write over-run"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi.

On Tue, Feb 11, 2020 at 11:36 AM Justin Capella <justincapella@xxxxxxxxx> wrote:
>
> Looks like len is already +1, maybe it shouldn't be?

This increment is for storing one more character, 'type'.

sym->sym[0] = type;

> > len = strlen(name) + 1;
> >
> > - sym = malloc(sizeof(*sym) + len);
> > + sym = malloc(sizeof(*sym) + len + 1);

This increment is for the '\0' termination.

So, malloc() needs to allocate:
sizeof(*sym) + strlen(name) + 2.

>
>
> Maybe strlcpy or if len wasn't incremented?
>
> >
> > - memcpy(sym_name(sym), name, len);
> > + strcpy(sym_name(sym), name);
> >

--
Best Regards
Masahiro Yamada

Next message: Ludovic BARRE: "Re: [PATCH V2 0/9] mmc: mmci: sdmmc: add sdr104 support"
Previous message: Jiri Olsa: "Re: [PATCH RFC 3/7] perf jevents: Add support for a system events PMU"
In reply to: Justin Capella: "Re: [PATCH] scripts/kallsyms: fix memory corruption caused by write over-run"
Next in thread: Masahiro Yamada: "Re: [PATCH] scripts/kallsyms: fix memory corruption caused by write over-run"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]