[Crash-utility] [PATCH] Fix unsigned signed comparison causing segfault for small VMCOREINFO notes

Dave Anderson anderson at redhat.com
Wed Jun 5 20:18:02 UTC 2019



----- Original Message -----
> Hi,
> 
> This is a fix for a signed/unsigned comparison bug in vmcoreinfo_read_string.
> The bug causes a segmentation fault if size_vmcoreinfo + 1 is smaller than
> the length of the key string passed in.

I suppose that's true, but can you describe the instance where that actually happened?
Can you show the actual note contents as shown by "help -D"?

Thanks,
  Dave


> 
> Signed-off-by: Nuno Das Neves <nudasnev at microsoft.com>
> ---
>  netdump.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/netdump.c b/netdump.c
> index 40f9cde..d257ecd 100644
> --- a/netdump.c
> +++ b/netdump.c
> @@ -1838,7 +1838,7 @@ vmcoreinfo_read_string(const char *key)
>  		return NULL;
>  
>  	/* the '+ 1' is the equal sign */
> -	for (i = 0; i < (size_vmcoreinfo - key_length + 1); i++) {
> +	for (i = 0; i < (int)(size_vmcoreinfo - key_length + 1); i++) {
>  		/*
>  		 * We must also check if we're at the beginning of VMCOREINFO
>  		 * or the separating newline is there, and of course if we
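Review bot: the `(int)` cast on the new loop bound (the `+` line) only avoids the out-of-bounds scan because the unsigned expression `size_vmcoreinfo - key_length + 1` wraps to a large value that the cast then reinterprets as negative, which is implementation-defined and hides the real precondition (assuming `size_vmcoreinfo` is unsigned and `i` is `int`, as the cast implies). An explicit guard placed before the loop, such as `if (key_length > size_vmcoreinfo + 1) return NULL;`, states the intent directly, keeps the loop bound unsigned, and survives a later change of `i` to `size_t`; the `/* the '+ 1' is the equal sign */` comment would then document the guard as well as the bound.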
> --
> 1.8.3.1
> 
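The defect described in the quoted patch is the classic unsigned-wraparound loop bound: when the key is longer than the note, `size - key_length + 1` wraps to a huge value and the scan runs off the end of the buffer. The following is an added example, not code from crash or from the patch: a standalone lookup over a constructed `KEY=value\n` note that shows the wrapped bound and the sign flip the `(int)` cast relies on, beside a hardened lookup that checks the precondition explicitly and keeps all arithmetic unsigned. The function names (`unsafe_loop_bound`, `patched_loop_bound`, `vmcoreinfo_lookup`) and the note contents are assumptions made for this example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample note mimicking the "KEY=value\n" layout of VMCOREINFO
 * (assumption for this example, not a real dump's contents). */
static const char sample_note[] =
    "OSRELEASE=5.0.0\n"
    "PAGESIZE=4096\n"
    "SYMBOL(init_uts_ns)=ffffffff82012345\n";
static const size_t sample_note_size = sizeof(sample_note) - 1;

/* Loop bound computed the pre-patch way, in unsigned arithmetic:
 * wraps to a value near ULONG_MAX when key_length > size + 1. */
static unsigned long unsafe_loop_bound(unsigned long size, size_t key_length)
{
    return size - key_length + 1;
}

/* The patch's remedy: reinterpret the wrapped value as int so the loop
 * condition "i < bound" fails immediately. Works in practice on two's
 * complement targets but depends on implementation-defined conversion. */
static int patched_loop_bound(unsigned long size, size_t key_length)
{
    return (int)(size - key_length + 1);
}

/* Hardened lookup: an explicit guard makes the precondition visible and
 * the scan never relies on signedness. Returns a malloc'ed copy of the
 * value for `key`, or NULL when the key is absent or cannot fit. */
static char *vmcoreinfo_lookup(const char *info, size_t size, const char *key)
{
    size_t key_length = strlen(key);

    /* key plus the '=' separator must fit inside the note */
    if (key_length + 1 > size)
        return NULL;

    /* last valid start index is size - key_length - 1 */
    for (size_t i = 0; i + key_length + 1 <= size; i++) {
        /* match only at the start of the note or right after a newline */
        if (i != 0 && info[i - 1] != '\n')
            continue;
        if (memcmp(info + i, key, key_length) != 0 || info[i + key_length] != '=')
            continue;

        const char *val = info + i + key_length + 1;
        size_t remaining = size - (i + key_length + 1);
        const char *nl = memchr(val, '\n', remaining);
        size_t vlen = nl ? (size_t)(nl - val) : remaining;

        char *out = malloc(vlen + 1);
        if (!out)
            return NULL;
        memcpy(out, val, vlen);
        out[vlen] = '\0';
        return out;
    }
    return NULL;
}

/* Convenience check used by the test: 1 if lookup(key) equals expected,
 * 0 if it is missing or differs. */
static int lookup_equals(const char *key, const char *expected)
{
    char *v = vmcoreinfo_lookup(sample_note, sample_note_size, key);
    int ok = v != NULL && strcmp(v, expected) == 0;
    free(v);
    return ok;
}
```

Passing a key longer than the whole note is the case the patch fixes: `unsafe_loop_bound` returns a bound far larger than the buffer, `patched_loop_bound` turns it negative so the loop never runs, and `vmcoreinfo_lookup` simply returns NULL from the guard without touching the buffer.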
