There could be something wrong in the symbol name buffer for a kernel module. That could lead to reading from outside of "strbuf" in crash util code. Fix: Check the index vs strbuf size and skip that symbol in case of out of band. Signed-off-by: Wengang Wang <wen.gang.wang@xxxxxxxxxx> --- symbols.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/symbols.c b/symbols.c index 5d7da6e..0b68ba9 100644 --- a/symbols.c +++ b/symbols.c @@ -1965,12 +1965,20 @@ store_module_symbols_v2(ulong total, int mods_installed) BZERO(buf1, BUFSIZE); - if (strbuf) - strcpy(buf1, - &strbuf[modsym_name(gpl_syms, modsym, i) - first]); - else + if (strbuf) { + unsigned long addr = modsym_name(gpl_syms, modsym, i); + unsigned long index = addr - first; + + if (index < strbuflen) + strncpy(buf1, + &strbuf[index], BUFSIZE - 1); + else + fprintf(fp, "\nWarning: module \"%s\" has invalid address %lx for %dth symbol\n", + lm->mod_name, addr, i); + } else { read_string(modsym_name(gpl_syms, modsym, i), buf1, BUFSIZE-1); + } if (strlen(buf1)) { st->ext_module_symtable[mcnt].value = -- 2.21.0 (Apple Git-122.2) -- Crash-utility mailing list Crash-utility@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/crash-utility
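Review bot: the `index < strbuflen` check only bounds where the copy starts, not how far it reads; `strncpy(buf1, &strbuf[index], BUFSIZE - 1)` keeps reading until it finds a NUL or has copied BUFSIZE - 1 bytes, so if the symbol string near the end of strbuf is not NUL-terminated within the buffer (the corrupt-dump case this patch is guarding against) the read can still run past strbuf. Suggest bounding the copy length by the remaining space as well, e.g. `strncpy(buf1, &strbuf[index], MIN(BUFSIZE - 1, strbuflen - index));`, or confirming in the commit message that strbuf is always allocated with a terminating NUL. The rest of the logic looks right: `addr - first` is unsigned, so an `addr` below `first` wraps to a large index and is rejected by the same comparison; buf1 was zeroed by BZERO and the copy leaves the last byte untouched, so the result is NUL-terminated; and on the warning path buf1 stays empty, so the following `if (strlen(buf1))` skips the symbol as the commit message describes. Two small points: the hunk relies on `strbuflen` being the allocated size of strbuf but does not show where it is set, so it is worth stating that in the commit message, and the warning text prints `%dth`, which reads as "1th"/"2th" for low indexes; "symbol %d" would be cleaner.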