On Wed, 21 Nov 2018 15:14:19 +0000 Yordan Karadzhov <ykaradzhov@xxxxxxxxxx> wrote: > tep_read_number_field() is being used to retrieve the value of a data > field and this value has been used without checking if the function > succeeded. This is a potential bug because tep_read_number_field() may > fail and in such a case the retrieved field value will be arbitrary. > > Signed-off-by: Yordan Karadzhov <ykaradzhov@xxxxxxxxxx> > --- > kernel-shark-qt/src/plugins/sched_events.c | 52 +++++++++++++--------- > 1 file changed, 30 insertions(+), 22 deletions(-) > > diff --git a/kernel-shark-qt/src/plugins/sched_events.c b/kernel-shark-qt/src/plugins/sched_events.c > index 1851569..c22e198 100644 > --- a/kernel-shark-qt/src/plugins/sched_events.c > +++ b/kernel-shark-qt/src/plugins/sched_events.c > @@ -97,10 +97,12 @@ int plugin_get_next_pid(struct tep_record *record) > struct plugin_sched_context *plugin_ctx = > plugin_sched_context_handler; > unsigned long long val; > + int ret; > > - tep_read_number_field(plugin_ctx->sched_switch_next_field, > - record->data, &val); > - return val; > + ret = tep_read_number_field(plugin_ctx->sched_switch_next_field, > + record->data, &val); > + > + return (ret == 0) ? val : ret; BTW, here's a little optimization trick: return ret ? : val; We should change the rest to do that. -- Steve > } >
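Review bot: in "return (ret == 0) ? val : ret;" at the end of plugin_get_next_pid(), the failure code from tep_read_number_field() now travels in the same int return value as a valid pid, and nothing in the hunk tells callers which values mean "field could not be read". A comment on the function stating that a nonzero result from tep_read_number_field() is passed through, and how a caller is expected to tell it apart from a pid, would keep the error from being used as a pid downstream. The two arms of the conditional also have different types (unsigned long long val, int ret), so ret is converted to unsigned long long and then narrowed back to int on return; an explicit "if (ret) return ret;" followed by "return (int) val;" makes both the error path and the narrowing visible. The same type mixing applies to the "return ret ? : val;" form, which in addition relies on the GNU extension that allows the middle operand of ?: to be omitted.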