Hi Wengang,

Thanks for the patch.

-----Original Message-----
> There could be something wrong in the symbol name buffer for
> a kernel module. That could lead to reading from outside of
> "strbuf" in crash util code.

Do you mean that there is something wrong in the kernel and the patch is a fail-safe for that? If so, do you have any evidence or debugging information that can determine whether the kernel causes the issue?

If there is likely to be a bug in the crash utility, I'd like to debug the root cause more.

Thanks,
Kazu

>
> Fix:
> Check the index VS strbuf size and skip that symbol in case of
> out of band.
>
> Signed-off-by: Wengang Wang <wen.gang.wang@xxxxxxxxxx>
> ---
> symbols.c | 16 ++++++++++++----
> 1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/symbols.c b/symbols.c
> index 5d7da6e..0b68ba9 100644
> --- a/symbols.c
> +++ b/symbols.c
> @@ -1965,12 +1965,20 @@ store_module_symbols_v2(ulong total, int mods_installed)
>
> BZERO(buf1, BUFSIZE);
>
> - if (strbuf)
> - strcpy(buf1,
> - &strbuf[modsym_name(gpl_syms, modsym, i) - first]);
> - else
> + if (strbuf) {
> + unsigned long addr = modsym_name(gpl_syms, modsym, i);
> + unsigned long index = addr - first;
> +
> + if (index < strbuflen)
> + strncpy(buf1,
> + &strbuf[index], BUFSIZE - 1);
> + else
> + fprintf(fp, "\nWarning: module \"%s\" has invalid address %lx for %dth
> symbol\n",
> + lm->mod_name, addr, i);
> + } else {
> read_string(modsym_name(gpl_syms, modsym, i), buf1,
> BUFSIZE-1);
> + }
>
> if (strlen(buf1)) {
> st->ext_module_symtable[mcnt].value =
> --
> 2.21.0 (Apple Git-122.2)
>
> --
> Crash-utility mailing list
> Crash-utility@xxxxxxxxxx
> https://listman.redhat.com/mailman/listinfo/crash-utility
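
Review bot: in the new `if (index < strbuflen)` branch the check bounds only the starting offset, while `strncpy(buf1, &strbuf[index], BUFSIZE - 1)` may still read up to BUFSIZE - 1 bytes from that offset. If the name is not NUL-terminated before the end of strbuf, the read still runs past the buffer, so the copy length should be limited to the smaller of `BUFSIZE - 1` and `strbuflen - index`. The unsigned subtraction `addr - first` wraps to a large value when addr is below first, and the same comparison rejects that case, which deserves a short comment in the code. `strbuflen` is not declared in the visible lines, so the patch should make clear that it holds the size of strbuf in bytes. On the warning path buf1 stays zeroed by the earlier `BZERO(buf1, BUFSIZE)`, so the following `if (strlen(buf1))` skips the symbol as the commit message says, and the commit message could state that dependency explicitly.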