On Tue, Feb 11, 2020 at 1:19 AM Masahiro Yamada <masahiroy@xxxxxxxxxx> wrote: > > scripts/kallsyms crashes because memcpy() writes one more byte than > allocated. > > Fixes: 8d60526999aa ("scripts/kallsyms: change table to store (strcut sym_entry *)") > Reported-by: youling257 <youling257@xxxxxxxxx> > Reported-by: Pavel Machek <pavel@xxxxxx> > Signed-off-by: Masahiro Yamada <masahiroy@xxxxxxxxxx> > --- Applied. I will send a pull request shortly because many people are tripping over this bug. > scripts/kallsyms.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c > index a566d8201b56..0133dfaaf352 100644 > --- a/scripts/kallsyms.c > +++ b/scripts/kallsyms.c > @@ -210,7 +210,7 @@ static struct sym_entry *read_symbol(FILE *in) > > len = strlen(name) + 1; > > - sym = malloc(sizeof(*sym) + len); > + sym = malloc(sizeof(*sym) + len + 1); > if (!sym) { > fprintf(stderr, "kallsyms failure: " > "unable to allocate required amount of memory\n"); > @@ -219,7 +219,7 @@ static struct sym_entry *read_symbol(FILE *in) > sym->addr = addr; > sym->len = len; > sym->sym[0] = type; > - memcpy(sym_name(sym), name, len); > + strcpy(sym_name(sym), name); > sym->percpu_absolute = 0; > > return sym; > -- > 2.17.1 > -- Best Regards Masahiro Yamada
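Review bot: The `+ 1` added to the malloc() size in the first read_symbol() hunk has no comment, and len is already `strlen(name) + 1` two lines above, so a later reader may take the extra byte for a mistake and remove it. From the visible lines, sym->sym[0] holds the type character and the name is copied to sym_name(sym) with its terminator, so a one-line comment above the malloc() stating that len counts the type character plus the name, and that the extra byte holds the NUL, would make the sizing self-explanatory. It would also help to say whether sym->len is meant to exclude the terminator, since it is still set to len.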
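Review bot: In the second hunk, replacing memcpy(sym_name(sym), name, len) with strcpy(sym_name(sym), name) does not change how many bytes are written: len is strlen(name) + 1, which is exactly what strcpy() copies, terminator included. The overflow is therefore fixed by the larger allocation in the previous hunk alone, and the commit message should say which change is the fix and why the copy routine was switched as well. If strcpy() stays, the write size is no longer expressed through the variable used in the malloc() size, so a short comment tying it to the `len + 1` allocation would keep the two from drifting apart.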