From: "Steven Rostedt (Red Hat)" <[email protected]> To be really paranoid about writing out of bound data in trace_printk_seq(), add another check of len compared to size.
Link: http://lkml.kernel.org/r/[email protected] Suggested-by: Petr Mladek <[email protected]> Reviewed-by: Petr Mladek <[email protected]> Signed-off-by: Steven Rostedt <[email protected]> --- kernel/trace/trace.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 9023446b2c2b..26facec4625e 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -6656,6 +6656,14 @@ trace_printk_seq(struct trace_seq *s) if (s->seq.len >= TRACE_MAX_PRINT) s->seq.len = TRACE_MAX_PRINT; + /* + * More paranoid code. Although the buffer size is set to + * PAGE_SIZE, and TRACE_MAX_PRINT is 1000, this is just + * an extra layer of protection. + */ + if (WARN_ON_ONCE(s->seq.len >= s->seq.size)) + s->seq.len = s->seq.size - 1; + /* should be zero ended, but we are paranoid. */ s->buffer[s->seq.len] = 0; -- 2.1.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
