[ltt-dev] Bug in add_marker (marker.c)
Mathieu Desnoyers
compudj at krystal.dyndns.org
Mon Aug 2 15:48:54 EDT 2010
Good catch! Here is the patch.
Pierre-Marc, can you apply it to UST too?
Thanks,
Mathieu
markers: fix out-of-bounds array
While creating my own probes, I've observed that I get a format mismatch error...
While digging into the executed code I observed that my format (stored in a
marker_entry) was overwritten by a newly allocated structure. Finally I found
that in the add_marker function the format pointer seems to be set to the wrong
position:
e->format = &e->name[channel_len + name_len];
while the proper assignment should be
e->format = &e->name[name_len];
indeed:
size_t channel_len = strlen(channel) + 1;
size_t name_len = strlen(name) + 1;
...
size_t format_len ...= strlen(format) + 1;
and
struct marker_entry {
....
char channel[0]; /* Contains channel'\0'name'\0'format'\0' */
};
...
e = kmalloc(sizeof(struct marker_entry)
+ channel_len + name_len + format_len,
GFP_KERNEL);
....
e->name = &e->channel[channel_len];
Rgds,
Damien COTTIER.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
---
kernel/marker.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6-lttng/kernel/marker.c
===================================================================
--- linux-2.6-lttng.orig/kernel/marker.c 2010-08-02 15:44:51.000000000 -0400
+++ linux-2.6-lttng/kernel/marker.c 2010-08-02 15:45:55.000000000 -0400
@@ -436,7 +436,7 @@ static struct marker_entry *add_marker(c
e->name = &e->channel[channel_len];
memcpy(e->name, name, name_len);
if (format) {
- e->format = &e->name[channel_len + name_len];
+ e->format = &e->name[name_len];
memcpy(e->format, format, format_len);
if (strcmp(e->format, MARK_NOARGS) == 0)
e->call = marker_probe_cb_noarg;
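Review bot: the replacement line is correct and the old one overran the allocation by exactly channel_len bytes: e->name is already &e->channel[channel_len] (visible two lines above the hunk's change), so &e->name[channel_len + name_len] pointed channel_len bytes past the end of the kmalloc'ed block, and the memcpy(e->format, format, format_len) that follows wrote the whole format string into neighbouring heap memory, which matches the report above of the format being overwritten by a later allocation. To make the layout harder to get wrong again, consider computing both pointers from the same base, e.g. `e->name = &e->channel[channel_len];` followed by `e->format = &e->channel[channel_len + name_len];`, which reads directly off the channel'\0'name'\0'format'\0' comment on the struct and avoids the double-counting that caused this bug.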
--
Mathieu Desnoyers
Operating System Efficiency R&D Consultant
EfficiOS Inc.
http://www.efficios.com
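The layout Damien describes above, as an added example that is not part of the original mail or of the LTTng tree: a user-space C mock-up of the channel'\0'name'\0'format'\0' allocation that computes both the corrected format offset and the one the original line produced, and checks each against the size of the block that was allocated. The struct is a simplified stand-in (only name, format and the flexible array, plus an alloc_len field assumed here so the bounds check can be computed); the sample channel, marker name and format string are constructed values.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the kernel's struct marker_entry: only the fields
 * this example needs, plus alloc_len (an assumption added here so the bounds
 * check below can be computed) and the flexible array that holds
 * channel'\0'name'\0'format'\0' back to back. */
struct marker_entry {
	char *name;
	char *format;
	size_t alloc_len;   /* total bytes handed back by malloc() */
	char channel[];     /* the kernel code wrote this as channel[0] */
};

/* Bytes from e->channel at which the format string lands with the FIXED
 * expression e->format = &e->name[name_len]. */
size_t fixed_format_offset(size_t channel_len, size_t name_len)
{
	return channel_len + name_len;
}

/* Bytes from e->channel that the ORIGINAL expression
 * e->format = &e->name[channel_len + name_len] produced: e->name already
 * sits channel_len bytes in, so channel_len is counted twice. */
size_t buggy_format_offset(size_t channel_len, size_t name_len)
{
	return channel_len + channel_len + name_len;
}

/* 1 if format_len bytes starting 'offset' bytes into the payload stay inside
 * the allocation, 0 if a memcpy there would run past its end. */
int format_fits(const struct marker_entry *e, size_t offset, size_t format_len)
{
	size_t payload = e->alloc_len - sizeof(struct marker_entry);

	return offset + format_len <= payload;
}

/* Builds an entry the way add_marker() does after the fix. */
struct marker_entry *make_entry(const char *channel, const char *name,
				const char *format)
{
	size_t channel_len = strlen(channel) + 1;
	size_t name_len = strlen(name) + 1;
	size_t format_len = strlen(format) + 1;
	size_t total = sizeof(struct marker_entry)
		       + channel_len + name_len + format_len;
	struct marker_entry *e = malloc(total);

	if (!e)
		return NULL;
	e->alloc_len = total;
	memcpy(e->channel, channel, channel_len);
	e->name = &e->channel[channel_len];
	memcpy(e->name, name, name_len);
	e->format = &e->name[name_len];        /* the corrected line */
	memcpy(e->format, format, format_len);
	return e;
}

/* Bytes by which the original memcpy would have overrun this entry's
 * allocation (always equal to channel_len for the buggy expression). */
size_t buggy_overrun(const struct marker_entry *e)
{
	size_t channel_len = strlen(e->channel) + 1;
	size_t name_len = strlen(e->name) + 1;
	size_t format_len = strlen(e->format) + 1;
	size_t payload = e->alloc_len - sizeof(struct marker_entry);
	size_t end = buggy_format_offset(channel_len, name_len) + format_len;

	return end > payload ? end - payload : 0;
}

int main(void)
{
	/* constructed sample values, not taken from any real marker */
	struct marker_entry *e = make_entry("kernel", "sched_switch",
					    "prev %d next %d");
	size_t off;

	if (!e)
		return 1;
	off = (size_t)(e->format - e->channel);
	printf("fixed offset : %zu bytes, fits: %d\n", off,
	       format_fits(e, off, strlen(e->format) + 1));
	printf("buggy overrun: %zu bytes past the allocation\n",
	       buggy_overrun(e));
	free(e);
	return 0;
}
```

With the constructed strings ("kernel" is 7 bytes with its terminator, "sched_switch" 13, the format 16), the payload is 36 bytes; the fixed expression places the format at offset 20 so it ends exactly at byte 36, while the original expression places it at offset 27 and the copy runs 7 bytes (one channel_len) past the end of the block.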