[lttng-dev] UST segfault: memcpy too big
Mathieu Desnoyers
mathieu.desnoyers at efficios.com
Tue Oct 9 12:52:38 EDT 2012
* Hollis Blanchard (hollis_blanchard at mentor.com) wrote:
> I seem to have hit a little problem with a "hello world" test app and
> lttng-ust 2.0.3. lttng-ust.git seems to be affected as well. Basically,
> I created a single UST tracepoint, but as soon as I run "lttng
> enable-event -u -a", my app segfaults. The problem seems to be that when
> creating the event to pass to ltt_event_create(), we try to memcpy the
> full 256 bytes of name. However, the name might be shorter, and if we
> get unlucky it falls within 256 bytes of the segment boundary...
Good catch !!
Fixed by commit:
master:
commit 1c7b4a9b7cc83f750a7d58d5e2f4894a2559f583
Author: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
Date: Tue Oct 9 12:47:31 2012 -0400
Fix: memcpy of string is larger than source
Hollis Blanchard <hollis_blanchard at mentor.com> wrote:
> I seem to have hit a little problem with a "hello world" test app and
> lttng-ust 2.0.3. lttng-ust.git seems to be affected as well. Basically,
> I created a single UST tracepoint, but as soon as I run "lttng
> enable-event -u -a", my app segfaults. The problem seems to be that when
> creating the event to pass to ltt_event_create(), we try to memcpy the
> full 256 bytes of name. However, the name might be shorter, and if we
> get unlucky it falls within 256 bytes of the segment boundary...
Fixing the 3 sites where this issue arises. Manually inspecting all
memcpy in the UST code returned by grep did the job.
Reported-by: Hollis Blanchard <hollis_blanchard at mentor.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
stable-2.0:
commit 7a673d9947d11a37d08be89a5c157afdfd377f9f
Author: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
Date: Tue Oct 9 12:47:31 2012 -0400
Fix: memcpy of string is larger than source
Hollis Blanchard <hollis_blanchard at mentor.com> wrote:
> I seem to have hit a little problem with a "hello world" test app and
> lttng-ust 2.0.3. lttng-ust.git seems to be affected as well. Basically,
> I created a single UST tracepoint, but as soon as I run "lttng
> enable-event -u -a", my app segfaults. The problem seems to be that when
> creating the event to pass to ltt_event_create(), we try to memcpy the
> full 256 bytes of name. However, the name might be shorter, and if we
> get unlucky it falls within 256 bytes of the segment boundary...
Fixing the 3 sites where this issue arises. Manually inspecting all
memcpy in the UST code returned by grep did the job.
Reported-by: Hollis Blanchard <hollis_blanchard at mentor.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers at efficios.com>
Thanks!
Mathieu
--
Mathieu Desnoyers
Operating System Efficiency R&D Consultant
EfficiOS Inc.
http://www.efficios.com