[Crash-utility] [PATCH] crash: fix a segmentation fault

Wengang Wang wen.gang.wang at oracle.com
Thu May 13 16:39:31 UTC 2021


There could be something wrong in the symbol name buffer for
a kernel module. That could lead to reading from outside of
"strbuf" in crash util code.

Fix:
Check the index vs. strbuf size and skip that symbol in case it
is out of bounds.

Signed-off-by: Wengang Wang <wen.gang.wang at oracle.com>
---
 symbols.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/symbols.c b/symbols.c
index 5d7da6e..0b68ba9 100644
--- a/symbols.c
+++ b/symbols.c
@@ -1965,12 +1965,20 @@ store_module_symbols_v2(ulong total, int mods_installed)
 
 			BZERO(buf1, BUFSIZE);
 
-			if (strbuf) 
-				strcpy(buf1,
-					&strbuf[modsym_name(gpl_syms, modsym, i) - first]);
-			else 
+			if (strbuf) {
+				unsigned long addr = modsym_name(gpl_syms, modsym, i);
+				unsigned long index = addr - first;
+
+				if (index < strbuflen)
+					strncpy(buf1,
+						&strbuf[index], BUFSIZE - 1);
+				else
+					fprintf(fp, "\nWarning: module \"%s\" has invalid address %lx for %dth symbol\n",
+						lm->mod_name, addr, i);
+			} else {
 				read_string(modsym_name(gpl_syms, modsym, i), buf1,
                             		BUFSIZE-1);
+			}
 
                 	if (strlen(buf1)) {
 				st->ext_module_symtable[mcnt].value = 
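Review bot: the new check `if (index < strbuflen)` only guarantees that the first byte of the name lies inside strbuf; the following `strncpy(buf1, &strbuf[index], BUFSIZE - 1)` still reads up to BUFSIZE - 1 bytes starting at that index and will run past the end of strbuf whenever the name is not NUL-terminated before strbuflen, which is exactly the corrupted-string-table case this patch is guarding against. Bound the copy by the bytes actually remaining, e.g. `strncpy(buf1, &strbuf[index], MIN(BUFSIZE - 1, strbuflen - index));` (buf1 is BZERO'd just above, so the result stays NUL-terminated either way). Note that `addr - first` is unsigned, so an addr below first wraps to a huge index and is rejected by the same comparison; a one-line comment saying so would keep the next reader from adding a redundant `addr < first` test. Minor: "%dth symbol" reads oddly for i = 1, 2 or 3; "symbol %d" avoids the ordinal.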
-- 
2.21.0 (Apple Git-122.2)
