Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp3894573ybv; Mon, 10 Feb 2020 08:20:42 -0800 (PST) X-Google-Smtp-Source: APXvYqxIF1FqWn00OT/9hDcnafkHH08/EJziwF0YnJirmd4KyD/6Xlcg+gOw7kb4ZR3f7hScHm1i X-Received: by 2002:a05:6830:610:: with SMTP id w16mr1661352oti.239.1581351642400; Mon, 10 Feb 2020 08:20:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581351642; cv=none; d=google.com; s=arc-20160816; b=OW0BM1EMFJ1twpKdpgr0DC/TGJwqq2LAa9YTN85q42axvVP3fsG/YaqHozurQ6T6Mp +TdbHMRhpUEDQe1NX5nQjyV1FPpVRkow0c7e2psujBiVRSQSccdZAmuWrDP45xTdQ6vD bzWgH4ct199rEU/vfm8Lc7J5bs4oYadrahRwFQ0sSRLZOYkR5HEQhuFAwQgqcYtFhrKD 1sH+f7gFtcoOV8RYcIx+/GdMpAauvSkOJaunGO5rLdt/dAXIQ2hhv3xvYZrMHZkVhgCY mfr+nnjtA//XIYSuJFzi8PgOrUn+ZnZNw6QIi6LmUMgkF35l4AVYE96rXe9BUdhux9zD 2sPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:dkim-filter; bh=SL4MRwT3ATSa2hQI1yjh/EyEY5X2F0/2RXCoIx/OgHE=; b=uUZQwA3ylSXwQ70JTJDkGYXYpdAZ/Az9JHLGxXa0dLlRVfVRvEzo1lq8o1ZSR3Ktdh tCp8iNOS3vdGUQRWsQ/MrXcYBzgwEcl5DNiVV+msOA+7iQ+6txvqcBjX+Wd6/YOK5+Lg 9PkzuYhJx30BzKggnk9eGiinn3NnOaiCbbQYV2xWPGZ+B4IquTXG98ka9z9bdVFNUx1V g1hLOJoXpTO0JL/hHGCHYHaBvAWkb4lBjOCcbuaQ7KSa3drwudyIZDq1FEj0bK2s2Dk9 VGCA34L03Qb0TOS52QB3sTRc1uAHRqiUIPBknFxbQTcDziwPfC1xCxIyDKy+mwtMjYzF HCPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@nifty.com header.s=dec2015msa header.b=crTnNtuL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w197si367022oia.101.2020.02.10.08.20.30; Mon, 10 Feb 2020 08:20:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@nifty.com header.s=dec2015msa header.b=crTnNtuL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727743AbgBJQTa (ORCPT + 99 others); Mon, 10 Feb 2020 11:19:30 -0500 Received: from conuserg-10.nifty.com ([210.131.2.77]:65330 "EHLO conuserg-10.nifty.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727120AbgBJQT3 (ORCPT ); Mon, 10 Feb 2020 11:19:29 -0500 Received: from grover.flets-west.jp (softbank126093102113.bbtec.net [126.93.102.113]) (authenticated) by conuserg-10.nifty.com with ESMTP id 01AGIte3016092; Tue, 11 Feb 2020 01:18:55 +0900 DKIM-Filter: OpenDKIM Filter v2.10.3 conuserg-10.nifty.com 01AGIte3016092 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com; s=dec2015msa; t=1581351536; bh=SL4MRwT3ATSa2hQI1yjh/EyEY5X2F0/2RXCoIx/OgHE=; h=From:To:Cc:Subject:Date:From; b=crTnNtuLPCmHQUWJ0zfu9b/MXO1lS+3g+PQ5wrSLn/1D8RG/BbirUjJA5rJf2ftOS oOUu2KOvpuBWWthQhjj0Iyo4D2+u43t0PRK8PsvRIcXvmk+72PcF0rJpkat32msS2o 5Set9v0ljQvxMvO+mE/5uDmMzrM3niLe0GvDGI/EFgWnmoij8x9Fvu6O0JMZ0kYaIu pZCpAgCj4Yn/Q/be+tg473Gpc393S5YMft+jf8kg1vAlqGfT0sgPY61HnQx0ae7LN0 89UZ4bo8KqV9ehjkSKKeSFR0wbYA6ITuAdDUDOYG1XofWN+1ke23wf+nfiNoeRzYhY hs7hn8QViem0w== X-Nifty-SrcIP: [126.93.102.113] From: Masahiro Yamada To: linux-kbuild@vger.kernel.org Cc: youling257 , Pavel Machek , linux-kernel@vger.kernel.org, Masahiro Yamada Subject: [PATCH] scripts/kallsyms: fix memory corruption caused by write over-run Date: Tue, 11 Feb 2020 01:18:52 +0900 Message-Id: <20200210161852.842-1-masahiroy@kernel.org> X-Mailer: git-send-email 2.17.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org scripts/kallsyms crashes because memcpy() writes one more byte than allocated. Fixes: 8d60526999aa ("scripts/kallsyms: change table to store (strcut sym_entry *)") Reported-by: youling257 Reported-by: Pavel Machek Signed-off-by: Masahiro Yamada --- scripts/kallsyms.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c index a566d8201b56..0133dfaaf352 100644 --- a/scripts/kallsyms.c +++ b/scripts/kallsyms.c @@ -210,7 +210,7 @@ static struct sym_entry *read_symbol(FILE *in) len = strlen(name) + 1; - sym = malloc(sizeof(*sym) + len); + sym = malloc(sizeof(*sym) + len + 1); if (!sym) { fprintf(stderr, "kallsyms failure: " "unable to allocate required amount of memory\n"); @@ -219,7 +219,7 @@ static struct sym_entry *read_symbol(FILE *in) sym->addr = addr; sym->len = len; sym->sym[0] = type; - memcpy(sym_name(sym), name, len); + strcpy(sym_name(sym), name); sym->percpu_absolute = 0; return sym; -- 2.17.1