Fix buffer overflow in arg_eval

Signed-off-by: Bolehu <heyaohua@xfusion.com>
2023-01-08 08:09:52 +08:00 · 2023-01-08 08:09:52 +08:00 · 6a832304b6
commit 6a832304b6
parent 5afc9980be
2 changed files with 53 additions and 1 deletions
--- a/Backport-trace-cmd-Fix-buffer-overflow-in-arg_eval.patch
+++ b/Backport-trace-cmd-Fix-buffer-overflow-in-arg_eval.patch
@ -0,0 +1,48 @@
+From f04d6abb726fe1f8059053dae742cdfabbd4600f Mon Sep 17 00:00:00 2001
+From: Bolehu <heyaohua@xfusion.com>
+Date: Sun, 8 Jan 2023 05:57:33 +0800
+Subject: [PATCH] [Backport] trace-cmd:Fix buffer overflow in arg_eval
+
+Fix buffer overflow observed when running perf test.
+
+The overflow is when trying to evaluate "1ULL << (64 - 1)" which is
+resulting in -9223372036854775808 which overflows the 20 character
+buffer.
+
+If is possible this bug has been reported before but I still don't see
+any fix checked in:
+
+See: https://www.spinics.net/lists/linux-perf-users/msg07714.html
+Link: http://lore.kernel.org/linux-trace-devel/20190807121446.1833-1-tz.stoyanov@gmail.com
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=204517
+
+Reported-by: Michael Sartain <mikesart@fastmail.com>
+Reported-by: Mathias Krause <minipli@googlemail.com>
+Signed-off-by: Tony Jones <tonyj@suse.de>
+Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Cc: Frederic Weisbecker <fweisbec@gmail.com>
+Fixes: f7d82350e597 ("tools/events: Add files to create libtraceevent.a")
+Link: http://lkml.kernel.org/r/20190228015532.8941-1-tonyj@suse.de
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Bolehu <heyaohua@xfusion.com>
+---
+ event-parse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/event-parse.c b/event-parse.c
+index e5f2acb..9ae53c2 100644
+--- a/event-parse.c
+++ b/event-parse.c
+@@ -2430,7 +2430,7 @@ static int arg_num_eval(struct print_arg *arg, long long *val)
+ static char *arg_eval (struct print_arg *arg)
+ {
+ 	long long val;
+-	static char buf[20];
+	static char buf[24];
+ 
+ 	switch (arg->type) {
+ 	case PRINT_ATOM:
+-- 
+2.33.0
+
--- a/trace-cmd.spec
+++ b/trace-cmd.spec
@ -1,6 +1,6 @@
 Name:            trace-cmd
 Version:         2.7
-Release:         5
+Release:         6
 Summary:         A front-end for Ftrace
 License:         GPLv2 and LGPLv2
 URL:             http://git.kernel.org/?p=linux/kernel/git/rostedt/trace-cmd.git;a=summary
@ -8,6 +8,7 @@ Source0:         https://git.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-c
 Source1:         kernelshark.desktop
 Patch1:          0001-trace-cmd-Figure-out-the-arch-and-install-library-to.patch
 Patch2:          0002-trace-cmd-Fix-the-logic-behind-SWIG_DEFINED-in-the-M.patch
+Patch3:          Backport-trace-cmd-Fix-buffer-overflow-in-arg_eval.patch

 BuildRequires:   gcc xmlto asciidoc mlocate libxml2-devel
 BuildRequires:   gtk2-devel glib2-devel desktop-file-utils
@ -91,6 +92,9 @@ desktop-file-validate $RPM_BUILD_ROOT/%{_datadir}/applications/kernelshark.deskt
 %{_mandir}/man5/*

 %changelog
+* Fri Jul 28 2023 Bolehu <heyaohua@xfusion.com> - 2.7-6
+- Fix buffer overflow in arg_eval
+
 * Fri Nov 06 2020 baizhonggui <baizhonggui@huawei.com> - 2.7-5
 - Add install requires help package into main package