[DTrace-devel] [PATCH 18/47] Fix invalid memory access when looking for pid provider

Kris Van Hees kris.van.hees at oracle.com
Sun May 3 20:17:19 PDT 2020


The code to determine whether a provider name is a pid provider checks
whether the last character of the provider name is a digit.  This worked
fine when the probe description name components were fixed-size character
arrays, but with the change to using allocated strings, this can result in
reading a byte *before* the allocated string if the string is an empty
string because.

Orabug: 31220517
Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
Reviewed-by: Kris Van Hees <kris.van.hees at oracle.com>
Reviewed-by: Eugene Loh <eugene.loh at oracle.com>
---
 libdtrace/dt_cc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libdtrace/dt_cc.c b/libdtrace/dt_cc.c
index 9fce5081..82728827 100644
--- a/libdtrace/dt_cc.c
+++ b/libdtrace/dt_cc.c
@@ -1681,7 +1681,8 @@ dt_setcontext(dtrace_hdl_t *dtp, dtrace_probedesc_t *pdp)
 	 * On an error, dt_pid_create_probes() will set the error message
 	 * and tag -- we just have to longjmp() out of here.
 	 */
-	if (isdigit(pdp->prv[strlen(pdp->prv) - 1]) &&
+	if (pdp->prv && pdp->prv[0] &&
+	    isdigit(pdp->prv[strlen(pdp->prv) - 1]) &&
 	    ((pvp = dt_provider_lookup(dtp, pdp->prv)) == NULL ||
 	    pvp->desc.dtvd_priv.dtpp_flags & DTRACE_PRIV_PROC) &&
 	    dt_pid_create_probes(pdp, dtp, yypcb) != 0) {
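Review bot: the isdigit() call in the added condition still receives a plain char, pdp->prv[strlen(pdp->prv) - 1]. Where char is signed, a byte above 0x7f at the end of the provider name is passed as a negative value, which is undefined behaviour for the <ctype.h> functions. Suggest casting the argument: isdigit((unsigned char)pdp->prv[strlen(pdp->prv) - 1]). The new pdp->prv && pdp->prv[0] test does keep the strlen() - 1 index from going below zero for an empty string. A short addition to the comment above the condition, saying that NULL and empty provider names are skipped, would record why the guard is there.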
-- 
2.26.0



