On Mon, Jul 10, 2023 at 2:05 PM HAGIO KAZUHITO(萩尾 一仁) <k-hagio...@nec.com> wrote:
> Without the patch, do_mt_entry() can call dump_struct_members_for_tree()
> with a NULL entry, and parse_for_member_extended() will cause a
> segmentation fault during strncpy().
>

Good findings, Kazu. And it looks good to me; for the patch: Ack

Thanks.
Lianbo

> This is caused by "tree -t maple -s struct.member.member" style multiple
> level member access:
>
>   crash> tree -t maple -s irq_desc.irq_data.irq sparse_irqs
>   ffff936980188400
>     irq_data.irq = 0,
>   ffff93698018be00
>     irq_data.irq = 1,
>   ...
>   ffff936980f38e00
>     irq_data.irq = 19,
>   Segmentation fault (core dumped)
>
>   (gdb) bt
>   #0  0x00007faaf8e51635 in __strncpy_avx2 () from /lib64/libc.so.6
>   #1  0x00000000005e5927 in parse_for_member_extended (dm=dm@entry=0x7ffcb9e6d860,
>   ...
>   #2  0x0000000000603c45 in dump_struct_member (s=s@entry=0x128cde0 <shared_bufs+1024> ...
>   #3  0x0000000000513cf5 in dump_struct_members_for_tree (td=td@entry=0x7ffcb9e6eeb0,
>   ...
>   #4  0x0000000000651f15 in do_mt_entry (entry=0, min=min@entry=20, max=max@entry=119, ...
>   ...
>
> Signed-off-by: Kazuhito Hagio <k-hagio...@nec.com>
> ---
>  maple_tree.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/maple_tree.c b/maple_tree.c
> index eccd273105a6..8c804d0cb80d 100644
> --- a/maple_tree.c
> +++ b/maple_tree.c
> @@ -313,7 +313,7 @@ static void do_mt_entry(ulong entry, ulong min, ulong
> max, uint depth,
> fprintf(fp, " index: %ld position: %s/%u\n",
> ++(*global_index), path, index);
>
> - if (td->structname) {
> + if (td->structname && entry) {
> if (td->flags & TREE_STRUCT_RADIX_10)
> print_radix = 10;
> else if (td->flags & TREE_STRUCT_RADIX_16)
> --
> 2.31.1
>
>
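Review bot: the new `if (td->structname && entry)` guard in do_mt_entry() stops the struct dump for a NULL slot, but the `fprintf(fp, " index: %ld position: %s/%u\n", ...)` two lines above it is still executed for that slot, so with `-s` an empty slot now prints an index/position header with no member line under it, which is easy to misread as a missing member. Consider either skipping the header as well when `entry` is 0 or printing an explicit placeholder for the empty slot, and say in the commit message which behaviour was chosen. Also note that this check only protects this one caller: as the backtrace shows, the strncpy() that faults is inside parse_for_member_extended() via dump_struct_member(), so any other path that reaches dump_struct_members_for_tree() with a NULL entry will still crash; a NULL check at that level (or in dump_struct_members_for_tree() itself) would make the fix hold for the other tree types handled by the tree command too.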
--
Crash-utility mailing list
Crash-utility@redhat.com
https://listman.redhat.com/mailman/listinfo/crash-utility
Contribution Guidelines: https://github.com/crash-utility/crash/wiki