Re: [PATCH] tracing: Correct the length check which causes memory corruption

From: Steven Rostedt
Date: Mon Jun 07 2021 - 11:34:20 EST


On Mon, 7 Jun 2021 20:57:34 +0800
Liangyan <liangyan.peng@xxxxxxxxxxxxxxxxx> wrote:

> commit b220c049d519 ("tracing: Check length before giving out
> the filter buffer") adds length check to protect trace data
> overflow introduced in 0fc1b09ff1ff, seems that this fix can't prevent
> overflow entirely, the length check should also take the sizeof
> entry->array[0] into account, since this array[0] is filled the
> length of trace data and occupy addtional space and risk overflow.

Bah, you're right! I didn't take into account that when the event is
this big, array[] will have content.

I queued the patch and will start testing it.

Thanks!

-- Steve