The current implementation does not account for a
trailing backslash followed by a null-byte. If a
null-byte is encountered following a backslash,
normalize() will continue reading (and potentially
writing) into garbage memory ignoring the EOS
null-byte.
Signed-off-by: Sohom Datta <[email protected]>
---
tools/perf/util/expr.l | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l
index 0168a9637330..d47de5f270a8 100644
--- a/tools/perf/util/expr.l
+++ b/tools/perf/util/expr.l
@@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime)
char *dst = str;
while (*str) {
- if (*str == '\\')
+ if (*str == '\\') {
*dst++ = *++str;
+ if (!*str)
+ break;
+ }
else if (*str == '?') {
char *paramval;
int i = 0;
--
2.38.1
On Sun, Dec 04, 2022 at 04:28:35PM +0530, Sohom Datta wrote:
> The current implementation does not account for a
> trailing backslash followed by a null-byte. If a
> null-byte is encountered following a backslash,
> normalize() will continue reading (and potentially
> writing) into garbage memory ignoring the EOS
> null-byte.
>
> Signed-off-by: Sohom Datta <[email protected]>
Acked-by: Jiri Olsa <[email protected]>
thanks,
jirka
> ---
> tools/perf/util/expr.l | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l
> index 0168a9637330..d47de5f270a8 100644
> --- a/tools/perf/util/expr.l
> +++ b/tools/perf/util/expr.l
> @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime)
> char *dst = str;
>
> while (*str) {
> - if (*str == '\\')
> + if (*str == '\\') {
> *dst++ = *++str;
> + if (!*str)
> + break;
> + }
> else if (*str == '?') {
> char *paramval;
> int i = 0;
> --
> 2.38.1
>
Em Sun, Jan 08, 2023 at 04:55:59PM -0800, Ian Rogers escreveu:
> On Sun, Jan 8, 2023, 6:13 AM Jiri Olsa <[email protected]> wrote:
>
> > On Sun, Dec 04, 2022 at 04:28:35PM +0530, Sohom Datta wrote:
> > > The current implementation does not account for a
> > > trailing backslash followed by a null-byte. If a
> > > null-byte is encountered following a backslash,
> > > normalize() will continue reading (and potentially
> > > writing) into garbage memory ignoring the EOS
> > > null-byte.
> > >
> > > Signed-off-by: Sohom Datta <[email protected]>
> >
> > Acked-by: Jiri Olsa <[email protected]>
> >
> > thanks,
> > jirka
> >
>
> Acked-by: Ian Rogers <[email protected]>
Thanks, applied. Sorry for the delay, probably I didn't saw the "perf
tools: ' prefix in the subject and this fell thru the cracks :-\
Thanks to Ingo for pinging me about this, appreciated.
- Arnaldo
> Thanks,
> Ian
>
> > ---
> > > tools/perf/util/expr.l | 5 ++++-
> > > 1 file changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l
> > > index 0168a9637330..d47de5f270a8 100644
> > > --- a/tools/perf/util/expr.l
> > > +++ b/tools/perf/util/expr.l
> > > @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime)
> > > char *dst = str;
> > >
> > > while (*str) {
> > > - if (*str == '\\')
> > > + if (*str == '\\') {
> > > *dst++ = *++str;
> > > + if (!*str)
> > > + break;
> > > + }
> > > else if (*str == '?') {
> > > char *paramval;
> > > int i = 0;
> > > --
> > > 2.38.1
> > >
> >