[DTrace-devel] [PATCH] Fix invalid memory access when looking for pid provider
Eugene Loh
eugene.loh at oracle.com
Wed Apr 8 12:42:04 PDT 2020
On 04/08/2020 08:00 AM, Kris Van Hees wrote:
> The code to determine whether a provider name is a pid provider checks
> whether the last character of the provider name is a digit. This worked
> fine when the probe description name components were fixed size character
hyphenate "fixed-size"
> arrays, but with the change to using allocated trings, this can result in
trings -> strings
> reading a bytye *before* the allocated string if the string is an empty
bytye -> byte
> string because we look at pdp->prv[strlen(pdp->prv) - 1) which would be
`- 1)` -> `-1]`
But I think you can even just drop the text starting at "because we
look...". The commit is short and clear enough that the log message is
becoming more complicated than the commit itself.
> pdp->prv[0 - 1], and therefore we access pdp->prv[-1].
>
> Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
> ---
> libdtrace/dt_cc.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/libdtrace/dt_cc.c b/libdtrace/dt_cc.c
> index fe7082e8..db009461 100644
> --- a/libdtrace/dt_cc.c
> +++ b/libdtrace/dt_cc.c
> @@ -1679,7 +1679,8 @@ dt_setcontext(dtrace_hdl_t *dtp, dtrace_probedesc_t *pdp)
> * On an error, dt_pid_create_probes() will set the error message
> * and tag -- we just have to longjmp() out of here.
> */
> - if (isdigit(pdp->prv[strlen(pdp->prv) - 1]) &&
> + if (pdp->prv && pdp->prv[0] &&
> + isdigit(pdp->prv[strlen(pdp->prv) - 1]) &&
> ((pvp = dt_provider_lookup(dtp, pdp->prv)) == NULL ||
> pvp->desc.dtvd_priv.dtpp_flags & DTRACE_PRIV_PROC) &&
> dt_pid_create_probes(pdp, dtp, yypcb) != 0) {
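Review bot: the new guard `+ if (pdp->prv && pdp->prv[0] &&` is not explained anywhere in the hunk; the comment block directly above the `if` (`On an error, dt_pid_create_probes() will set the error message ...`) only covers the error path, so a reader of the code will not see why `pdp->prv[0]` must be tested before `pdp->prv[strlen(pdp->prv) - 1]`. Suggest adding one line to that comment, e.g. `* An empty provider name must be rejected first, or strlen() - 1 indexes prv[-1].` Note also that the `pdp->prv` NULL test and the `pdp->prv[0]` empty-string test are two different preconditions: only the second one is what the commit message describes, and the old code would already have crashed in strlen() on a NULL `prv`, so if the NULL check is deliberate it deserves a word in the log message as well.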
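The off-by-one the commit message describes, shown in isolation. This is an added example and not DTrace code: the function names `last_char_index` and `provider_ends_in_digit` and the sample provider names are constructed here to illustrate the same check the patch guards. The first helper makes the underflow visible (strlen() is 0 for an empty string, so `0 - 1` in `size_t` wraps to `SIZE_MAX`, which the indexing then treats like `prv[-1]`); the second mirrors the patched condition, rejecting NULL and the empty string before indexing.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Index that the unguarded expression prv[strlen(prv) - 1] computes.
 * For "" strlen() returns 0, and 0 - 1 in size_t wraps to SIZE_MAX,
 * so the subsequent prv[] access lands one byte *before* the buffer,
 * exactly the prv[-1] read the commit message describes.
 * (Hypothetical helper for illustration; only the arithmetic is shown,
 * the out-of-bounds access itself is never performed here.)
 */
size_t last_char_index(const char *prv)
{
	return strlen(prv) - 1;
}

/*
 * Hardened form of the pid-provider heuristic, mirroring the patch:
 * refuse NULL and the empty string first, then look at the last byte.
 * Returns 1 when the provider name ends in a decimal digit, else 0.
 * isdigit() takes an int in the range of unsigned char, hence the cast.
 */
int provider_ends_in_digit(const char *prv)
{
	if (prv == NULL || prv[0] == '\0')
		return 0;
	return isdigit((unsigned char)prv[strlen(prv) - 1]) ? 1 : 0;
}

int main(void)
{
	/* Constructed sample provider names, including the empty-string edge case. */
	const char *names[] = { "pid1234", "fbt", "syscall", "", NULL };
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		const char *n = names[i];
		printf("%-10s -> ends in digit: %d\n",
		       n ? (n[0] ? n : "\"\"") : "NULL", provider_ends_in_digit(n));
	}

	/* Demonstrate the wrap-around without dereferencing anything. */
	printf("last_char_index(\"\") == SIZE_MAX: %d\n",
	       last_char_index("") == SIZE_MAX);
	return 0;
}
```

The guard order matters: `prv[0] == '\0'` must be evaluated before `strlen(prv) - 1` is used as an index, because once the subtraction has wrapped there is no cheap way to tell the result apart from a valid index.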