[Crash-utility] [PATCH] Fix segmentation violation in symbol_search

Petr Tesarik ptesarik at suse.cz
Fri Feb 4 11:10:31 UTC 2011


Subject: Fix segmentation violation in symbol_search

Fix a possible segmentation violation in crash if a module name
is not NUL-terminated. Although store_module_symbols_v2 complains
about an overly long module name, there are several problems
with the current approach:

1. The maximum size is hard-wired in defs.h and the current
   constant doesn't even match struct module's name field size
   on any architecture.

2. If the string is too long, it is probably not NUL-terminated,
   so we can't use strlen() on it.

3. Even though only the first MAX_MOD_NAME-1 bytes are copied
   to struct load_module, the _MODULE_* pseudo-symbol names are
   generated from the unabridged module name.  As a consequence,
   they are not found further on in the loop at the end of
   store_module_symbols_v2, so lm->mod_symtable remains NULL
   for that module.  The symbol_search() function is not
   prepared for that situation and tries to dereference that
   NULL pointer here:

        sp = lm->mod_symtable;
        sp_end = lm->mod_symend;

        for ( ; sp <= sp_end; sp++) {
                if (!pseudos && MODULE_PSEUDO_SYMBOL(sp))
                                                    ^^^^

Regards,
Petr Tesarik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crash-long-modname.patch
Type: text/x-patch
Size: 4823 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/crash-utility/attachments/20110204/8eb14386/attachment.bin>
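To illustrate the two defensive points in the mail (bounded handling of a name field that may lack a NUL terminator, and a symbol_search-style loop that tolerates an unfilled mod_symtable), here is an added C example. It is not the crash utility's code or the scrubbed patch; MOD_NAME_LEN, sym_entry, load_module and demo_long_name are constructed stand-ins for the real structures.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen() */
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not crash's definitions. */
#define MOD_NAME_LEN 8                 /* size of the kernel's name field (assumed) */
struct sym_entry { const char *name; unsigned long value; };
struct load_module {
    char mod_name[MOD_NAME_LEN];
    struct sym_entry *mod_symtable;    /* stays NULL if the pseudo-symbols were never found */
    struct sym_entry *mod_symend;
};

/* Copy a name field that may lack a NUL terminator: strnlen() is bounded by
 * the field size, and the copy is always terminated and truncated to fit. */
size_t copy_mod_name(char *dst, size_t dstsz, const char *src, size_t srcsz)
{
    size_t n = strnlen(src, srcsz);
    if (n >= dstsz) n = dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* symbol_search-style loop that checks for an empty module symbol table
 * instead of dereferencing a NULL mod_symtable. */
const struct sym_entry *find_symbol(const struct load_module *lm, const char *name)
{
    const struct sym_entry *sp;
    if (!lm->mod_symtable)             /* the case that segfaulted */
        return NULL;
    for (sp = lm->mod_symtable; sp <= lm->mod_symend; sp++)
        if (strcmp(sp->name, name) == 0) return sp;
    return NULL;
}

/* Constructed 8-byte name with no terminator. The pseudo-symbol name is built
 * from the truncated copy, so the later lookup matches what load_module holds. */
int demo_long_name(void)
{
    const char raw[MOD_NAME_LEN] = { 'a','b','c','d','e','f','g','h' };
    struct load_module lm = { "", NULL, NULL };
    struct sym_entry tab[1];
    char pseudo[32];
    copy_mod_name(lm.mod_name, sizeof lm.mod_name, raw, sizeof raw);
    snprintf(pseudo, sizeof pseudo, "_MODULE_START_%s", lm.mod_name);
    if (find_symbol(&lm, pseudo) != NULL)   /* empty table: must return NULL, not crash */
        return 0;
    tab[0].name = pseudo; tab[0].value = 0xc0000000UL;
    lm.mod_symtable = lm.mod_symend = tab;
    return find_symbol(&lm, "_MODULE_START_abcdefg") == &tab[0];
}
```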