[Crash-utility] [PATCH] Fixed the segment fault when ikconfig passed nonstandard values
HAGIO KAZUHITO(萩尾 一仁)
k-hagio-ab at nec.com
Mon Jan 4 23:52:38 UTC 2021
Hi Jakie,
I replied only to the list but you look not subscribed?
so sending you this again just in case..
Thanks,
Kazu
-----Original Message-----
> -----Original Message-----
> > From: Jackie Liu <liuyun01 at kylinos.cn>
> >
> > Some strange reasons may cause kcore to collect some strange
> > entries of ikconfig, such as CONFIG_SECU+[some hex data] causes
> > the 'val' to be NULL, and then crashes when strdup.
> >
> > Signed-off-by: Jackie Liu <liuyun01 at kylinos.cn>
> > ---
> > kernel.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/kernel.c b/kernel.c
> > index 9871637..aa86f0d 100644
> > --- a/kernel.c
> > +++ b/kernel.c
> > @@ -10244,6 +10244,9 @@ static void add_ikconfig_entry(char *line, struct ikconfig_list *ent)
> > sscanf(name, "CONFIG_%s", name);
> > val = strtok_r(NULL, "", &tokptr);
> >
> > + if (!val)
> > + return;
> > +
>
> This looks harmless, but kt->ikconfig_ents is incremented unconditionally
> in setup_ikconfig() and inconsistent with the following debug message
>
> if (setup_ikconfig(pos)) {
> kt->ikconfig_flags |= IKCONFIG_LOADED;
> if (CRASHDEBUG(1))
> fprintf(fp,
> "ikconfig: %d valid configs.\n",
> kt->ikconfig_ents);
>
> and it consumes an element of the ikconfig_all array needlessly, so
> how about something like this?:
>
> if (!val) {
> if (CRASHDEBUG(2))
> error(WARNING, "invalid ikconfig entry: %s\n", line);
> return FALSE;
> }
> ...
> return TRUE;
>
> and in setup_ikconfig():
>
> if (add_ikconfig_entry(ent, &ikconfig_all[kt->ikconfig_ents])
> kt->ikconfig_ents++;
>
> Thanks,
> Kazu
>
> > ent->name = strdup(name);
> > ent->val = strdup(val);
> > }
> > --
> > 2.17.1
> >
> >
More information about the Crash-utility
mailing list