[ltt-dev] Bug in add_marker (marker.c)

Pierre-Marc Fournier pierre-marc.fournier at polymtl.ca
Mon Aug 2 23:14:36 EDT 2010


Applied to ust. Thanks.

pmf

On 08/02/2010 03:48 PM, Mathieu Desnoyers wrote:
> Good catch ! Here is the patch.
>
> Pierre-Marc, can you apply it to UST too ?
>
> Thanks,
>
> Mathieu
>
> markers fix out of bound array
>
> While creating my own probes, I've observed that I get format mismatch error...
> While digging into the executed code I observe that my format (stored in a
> marker_entry) was overwritten by a new allocated structure. Finally I found
> that in add_marker function the format pointer seems to be set to the wrong
> position:
>
> e->format = &e->name[channel_len + name_len];
> while the proper assignment should be
> e->format = &e->name[name_len];
>
> indeed:
>
> size_t channel_len = strlen(channel) + 1;
> size_t name_len = strlen(name) + 1;
> ...
> size_t format_len ...= strlen(format) + 1;
>
> and
>
> struct marker_entry {
> ....
>      char channel[0];        /* Contains channel'\0'name'\0'format'\0' */
>
> };
>
> ...
>
> e = kmalloc(sizeof(struct marker_entry)
>        + channel_len + name_len + format_len,
>        GFP_KERNEL);
> ....
> e->name = &e->channel[channel_len];
>
> Rgds,
> Damien COTTIER.
>
> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
> ---
>   kernel/marker.c |    2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> Index: linux-2.6-lttng/kernel/marker.c
> ===================================================================
> --- linux-2.6-lttng.orig/kernel/marker.c	2010-08-02 15:44:51.000000000 -0400
> +++ linux-2.6-lttng/kernel/marker.c	2010-08-02 15:45:55.000000000 -0400
> @@ -436,7 +436,7 @@ static struct marker_entry *add_marker(c
>   	e->name =&e->channel[channel_len];
>   	memcpy(e->name, name, name_len);
>   	if (format) {
> -		e->format =&e->name[channel_len + name_len];
> +		e->format =&e->name[name_len];
>   		memcpy(e->format, format, format_len);
>   		if (strcmp(e->format, MARK_NOARGS) == 0)
>   			e->call = marker_probe_cb_noarg;
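Review bot: the corrected offset on the `+` line is right, and the old one was a heap overrun of exactly channel_len bytes: e->name starts at &e->channel[channel_len], the object is kmalloc'd as sizeof(struct marker_entry) + channel_len + name_len + format_len, so from e->name only name_len + format_len bytes remain, and memcpy'ing format_len bytes to &e->name[channel_len + name_len] wrote channel_len bytes past the end of the allocation into the neighbouring slab object, which matches the overwritten-format symptom in the description. One suggestion for the same function: the three offsets are derived independently in three places, which is how the stray channel_len slipped in; deriving them from one running cursor advanced by each length, or adding a sanity check such as `WARN_ON(e->format + format_len != (char *)e + sizeof(*e) + channel_len + name_len + format_len)`, would make a recurrence fail loudly instead of silently corrupting memory.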

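As an added example, not code from this thread or from the kernel, the packing that add_marker performs is reduced to a stand-in struct with a helper that quantifies how far the pre-fix offset runs past the allocation and a check before the copy. The names struct entry, format_overrun, add_entry and roundtrip_ok are my own, and the struct is a hypothetical reduction of struct marker_entry.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical reduction of struct marker_entry (not the kernel struct);
 * the flexible array holds channel'\0'name'\0'format'\0' back to back. */
struct entry {
	char *name, *format;
	char channel[];
};

/* From e->name exactly name_len + format_len bytes of the allocation remain,
 * so copying format_len bytes to e->name[off] overruns by this many bytes:
 * the pre-fix off = channel_len + name_len gives channel_len, off = name_len gives 0. */
static size_t format_overrun(size_t name_len, size_t format_len, size_t off)
{
	size_t avail = name_len + format_len, needed = off + format_len;
	return needed > avail ? needed - avail : 0;
}

/* Packs the three strings like add_marker, with the fixed offset and a check that refuses to copy if it would not fit. */
static struct entry *add_entry(const char *channel, const char *name, const char *format)
{
	size_t channel_len = strlen(channel) + 1, name_len = strlen(name) + 1;
	size_t format_len = strlen(format) + 1, off = name_len;
	struct entry *e;
	if (format_overrun(name_len, format_len, off))
		return NULL;
	e = malloc(sizeof(*e) + channel_len + name_len + format_len);
	if (!e)
		return NULL;
	memcpy(e->channel, channel, channel_len);
	e->name = &e->channel[channel_len];
	memcpy(e->name, name, name_len);
	e->format = &e->name[off];
	memcpy(e->format, format, format_len);
	return e;
}

/* Allocates, checks the strings came back intact and that format ends exactly where the string area ends, then frees. */
static int roundtrip_ok(const char *channel, const char *name, const char *format)
{
	struct entry *e = add_entry(channel, name, format);
	size_t total = strlen(channel) + strlen(name) + strlen(format) + 3;
	int ok = e && !strcmp(e->channel, channel) && !strcmp(e->name, name) &&
		 !strcmp(e->format, format) &&
		 e->format + strlen(format) + 1 == e->channel + total;
	free(e);
	return ok;
}
```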