[Crash-utility] [PATCH] Fix segmentation violation in symbol_search
Petr Tesarik
ptesarik at suse.cz
Fri Feb 4 11:10:31 UTC 2011
Subject: Fix segmentation violation in symbol_search
Fix a possible segmentation violation in crash if a module name
is not NUL-terminated. Although store_module_symbols_v2 complains
about an overly long module name, there are several problems
with the current approach:
1. The maximum size is hard-wired in defs.h and the current
constant doesn't even match struct module's name field size
on any architecture.
2. If the string is too long, it is probably not NUL-terminated,
so we can't use strlen() on it.
3. Even though only the first MAX_MOD_NAME-1 bytes are copied
to struct load_module, the _MODULE_* pseudo-symbol names are
generated from the unabridged module name. As a consequence,
they are not found further on in the loop at the end of
store_module_symbols_v2, so lm->mod_symtable remains NULL
for that module. The symbol_search() function is not
prepared for that situation and tries to dereference that
NULL pointer here:
sp = lm->mod_symtable;
sp_end = lm->mod_symend;
for ( ; sp <= sp_end; sp++) {
if (!pseudos && MODULE_PSEUDO_SYMBOL(sp))
^^^^
Regards,
Petr Tesarik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crash-long-modname.patch
Type: text/x-patch
Size: 4823 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/crash-utility/attachments/20110204/8eb14386/attachment.bin>
More information about the Crash-utility
mailing list