From: "Steven Rostedt (Google)" <rostedt@xxxxxxxxxxx> The string parsing of tokens can be confused if the string has a backslash at the end of the string. That is "\\\0" or \<nul>. The backslash will skip the next character. If the next character is the end of the string, it will read past the end of the string. Check for end of buffer (less than or equal to 0), and if the next character is the end of buffer, exit the loop regardless if the previous character was a backslash. Also fail the parsing of the event if the string is not terminated by the quote that started it. Signed-off-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx> --- src/event-parse.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/event-parse.c b/src/event-parse.c index b37d81a89bf8..8167777fccd7 100644 --- a/src/event-parse.c +++ b/src/event-parse.c @@ -1303,10 +1303,15 @@ static enum tep_event_type __read_token(struct tep_handle *tep, char **tok) if (ch == '\\' && last_ch == '\\') last_ch = 0; /* Break out if the file is corrupted and giving non print chars */ + if (ch <= 0) + break; } while ((ch != quote_ch && isprint(ch)) || last_ch == '\\' || ch == '\n'); /* remove the last quote */ i--; + if (ch <= 0) + type = TEP_EVENT_NONE; + /* * For strings (double quotes) check the next token. * If it is another string, concatinate the two. -- 2.35.1
|