[DTrace-devel] [PATCH] stapsdt: fix out-of-bounds access when provider name is not specified
Eugene Loh
eugene.loh at oracle.com
Sat Aug 30 00:21:57 UTC 2025
Reviewed-by: Eugene Loh <eugene.loh at oracle.com>
I'm assuming no test is practical here... it all depends on what garbage
one finds in front of pdp->prv?
On 8/29/25 14:46, Kris Van Hees wrote:
> Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
> ---
> libdtrace/dt_pid.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/libdtrace/dt_pid.c b/libdtrace/dt_pid.c
> index 4af9141aa..ffc52132f 100644
> --- a/libdtrace/dt_pid.c
> +++ b/libdtrace/dt_pid.c
> @@ -1518,10 +1518,14 @@ dt_pid_create_stapsdt_probes(dtrace_probedesc_t *pdp, dtrace_hdl_t *dtp, dt_pcb_
> dt_proc_t *dpr = NULL;
> const char *pidstr;
> pid_t pid;
> + size_t len = strlen(pdp->prv);
> +
> + if (len == 0)
> + return 0;
>
> assert(pcb != NULL);
>
> - pidstr = &pdp->prv[strlen(pdp->prv)];
> + pidstr = &pdp->prv[len];
>
> while (isdigit(*(pidstr - 1)))
> pidstr--;
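Review bot: The `len == 0` check covers only the empty provider name; the loop `while (isdigit(*(pidstr - 1)))` at the end of the hunk still has no lower bound, so a provider name consisting entirely of digits would step `pidstr` back past `pdp->prv[0]` and read `pdp->prv[-1]`. Bounding the loop itself, for example `while (pidstr > pdp->prv && isdigit((unsigned char)pidstr[-1]))`, covers both the empty and the all-digit case, and the cast avoids passing a negative `char` value to `isdigit()`. Separately, the new `return 0` sits above `assert(pcb != NULL)`, so the empty-name path skips that assertion; a short comment saying why 0 is the right return value there would help.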