When initializing trace_probes::nr_args, make sure the maximum number of probe arguments is honored. Otherwise, we can hit NULL pointer dereferences in multiple situations, like on traceprobe_set_print_fmt().
Link: https://bugzilla.redhat.com/2303876 Fixes: 035ba76014c0 ("tracing/probes: cleanup: Set trace_probe::nr_args at trace_probe_init") Signed-off-by: Fernando Fernandez Mancera <[email protected]> --- kernel/trace/trace_probe.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index 39877c80d6cb..f577b5e71026 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -2043,10 +2043,14 @@ int trace_probe_init(struct trace_probe *tp, const char *event, goto error; } - tp->nr_args = nargs; + if (nargs > MAX_TRACE_ARGS) + tp->nr_args = MAX_TRACE_ARGS; + else + tp->nr_args = nargs; + /* Make sure pointers in args[] are NULL */ if (nargs) - memset(tp->args, 0, sizeof(tp->args[0]) * nargs); + memset(tp->args, 0, sizeof(tp->args[0]) * tp->nr_args); return 0; -- 2.46.0
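Review bot: In trace_probe_init(), clamping with "if (nargs > MAX_TRACE_ARGS) tp->nr_args = MAX_TRACE_ARGS;" silently truncates the request and the function still returns 0, so a caller that sized its own state for nargs arguments is never told that fewer were accepted. Consider rejecting the oversized count instead, for example by setting an error such as -E2BIG and taking the "goto error" path already used earlier in the function, so the mismatch is caught at init time rather than later. If clamping is kept, the guard before the memset should test tp->nr_args rather than nargs for consistency with the new size expression, and the four-line if/else could be written as a single min() assignment. The commit message would also benefit from naming which caller can pass more than MAX_TRACE_ARGS, since the patch does not show where the unchecked value comes from.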
