Page MenuHomeFreeBSD
Differential D30778

dtrace: fix an out of bound read and a NULL pointer increment
ClosedPublic
Actions

Authored by domagoj.stolfa_gmail.com on Jun 15 2021, 8:20 PM.
Tags
Referenced Files
Unknown Object (File)
Feb 11 2024, 9:24 PM
Unknown Object (File)
Feb 7 2024, 12:35 AM
Unknown Object (File)
Dec 20 2023, 6:55 AM
Unknown Object (File)
Dec 10 2023, 3:01 PM
Unknown Object (File)
Oct 29 2023, 9:19 AM
Unknown Object (File)
Sep 6 2023, 1:13 AM
Unknown Object (File)
Aug 14 2023, 5:10 PM
Unknown Object (File)
Aug 14 2023, 6:12 AM
View All 25 Files
Subscribers
None

Details

Reviewers
markj
gnn
Group Reviewers
DTrace
Commits
rGa877965fa3da: dtrace: fix an out of bound read and a NULL pointer increment
Summary

In dt_cc.c when the provider is an empty string, accessing strlen(pdp->dtpd_provider) - 1 will result in a pdp->dtpd_provider[-1] access.

Similarly, in dt_ident.c, if p2 is a NULL pointer, doing a p2++ on it is undefined behaviour.

Signed-off-by: Domagoj Stolfa <domagoj.stolfa@gmail.com>
Sponsored by: Google

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

domagoj.stolfa_gmail.com created this revision.Jun 15 2021, 8:20 PM
Herald added a reviewer: gnn. · View Herald TranscriptJun 15 2021, 8:20 PM
domagoj.stolfa_gmail.com requested review of this revision.Jun 15 2021, 8:20 PM
markj accepted this revision as: markj.Jun 15 2021, 8:53 PM

If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.

cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c
223

I think these two lines could just be p2 = strchr(p2 + 1, ','); but I don't have a strong preference.

This revision is now accepted and ready to land.Jun 15 2021, 8:53 PM
domagoj.stolfa_gmail.com added a comment.Jun 16 2021, 3:01 PM
In D30778#691982, @markj wrote:

If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.

You can add a Signed-off-by: domagoj.stolfa@gmail.com if you'd like and a Sponsored by: Google.

Thanks!

domagoj.stolfa_gmail.com edited the summary of this revision. (Show Details)Jun 16 2021, 3:02 PM
domagoj.stolfa_gmail.com edited the summary of this revision. (Show Details)
markj added a comment.Jun 16 2021, 3:41 PM
In D30778#692214, @domagoj.stolfa_gmail.com wrote:
In D30778#691982, @markj wrote:

If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.

You can add a Signed-off-by: domagoj.stolfa@gmail.com if you'd like

I prefer not to since we don't have a policy around it, at least not yet. If you prefer to have it, then I'll keep it.

domagoj.stolfa_gmail.com added a comment.Jun 16 2021, 3:45 PM
In D30778#692250, @markj wrote:
In D30778#692214, @domagoj.stolfa_gmail.com wrote:
In D30778#691982, @markj wrote:

If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.

You can add a Signed-off-by: domagoj.stolfa@gmail.com if you'd like

I prefer not to since we don't have a policy around it, at least not yet. If you prefer to have it, then I'll keep it.

That's fine -- no need to put it in then. Just a "Sponsored by: Google" is fine :). Thanks!

Closed by commit rGa877965fa3da: dtrace: fix an out of bound read and a NULL pointer increment (authored by domagoj.stolfa_gmail.com, committed by markj). · Explain WhyJun 17 2021, 5:54 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rGa877965fa3da: dtrace: fix an out of bound read and a NULL pointer increment.

Revision Contents
Changeset List

PathSize
cddl/
contrib/
opensolaris/
lib/
libdtrace/
common/
6 lines
4 lines

Diff 90928

View Options

cddl/contrib/opensolaris/lib/libdtrace/common/dt_cc.c

Loading...
View Options

cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c

Loading...