From nobody Wed Apr 1 20:39:41 2026 Received: from cstnet.cn (smtp21.cstnet.cn [159.226.251.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C258944B69C; Wed, 1 Apr 2026 16:03:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=159.226.251.21 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775059406; cv=none; b=Yp/XLmNATCmFaVicJKVAZWlrSN6zl8Vt3b155Fa2U6yT+GyLxFZMqJTQmZ+2z4R2M9IWwuA7otwXLfArhA3ZuM9aIWZW0s01Z6SLdFGjT3kWOWVrdSO40+WysgJAR/eTcVLjr7FMPuBPKp7ChVXdZ7/FD4ya5hHgGWuWJ66M3wQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775059406; c=relaxed/simple; bh=Xfcsn42dSi6zKcGRNPg1zji0TtksE/JsG6g4ptE1dP4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=h1EMGlQXDuvTxL/ePMGlVmc+aTof4oCAMJZiRjyTiJ1pgsS/vEu4IiR2QmYjc3zsUSCYnZiH69E8iojHT0Js9qKv7QGY/Y+0Y+fdK2V2XdJ86h0p3KFkOLZKiVGaOooP7tkQ3n79ZzKuGJYGS0N7+EtpghXs2SKjXAYlFCOiRnE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=iscas.ac.cn; spf=pass smtp.mailfrom=iscas.ac.cn; arc=none smtp.client-ip=159.226.251.21 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=iscas.ac.cn Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iscas.ac.cn Received: from localhost.localdomain (unknown [111.196.245.197]) by APP-01 (Coremail) with SMTP id qwCowAB3IGzDQc1pvRThCw--.44120S2; Thu, 02 Apr 2026 00:03:15 +0800 (CST) From: Pengpeng Hou To: rostedt@goodmis.org Cc: mhiramat@kernel.org, mathieu.desnoyers@efficios.com, linux-trace-kernel@vger.kernel.org, linux-kernel@vger.kernel.org, pengpeng@iscas.ac.cn Subject: [PATCH v2] tracing/probe: reject empty immediate strings Date: Thu, 2 Apr 2026 00:03:15 +0800 Message-ID: <20260401160315.88518-1-pengpeng@iscas.ac.cn> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20260330062920.40766-1-pengpeng@iscas.ac.cn> References: <20260330062920.40766-1-pengpeng@iscas.ac.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: qwCowAB3IGzDQc1pvRThCw--.44120S2 X-Coremail-Antispam: 1UD129KBjvdXoWrur4DuF4UArWxGFyrWFW8Crg_yoWkAFg_uw 1kKa1kXw48GrnF9w4fJayrZr47t3WUXF1j9anFyFW5Z345Wrn8JFnakwn3tryUGrWvgr9x Ar9Igr18uF15AjkaLaAFLSUrUUUUjb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUIcSsGvfJTRUUUb48FF20E14v26r1j6r4UM7CY07I20VC2zVCF04k26cxKx2IYs7xG 6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rwA2F7IY1VAKz4vEj48ve4kI8w A2z4x0Y4vE2Ix0cI8IcVAFwI0_Gr0_Xr1l84ACjcxK6xIIjxv20xvEc7CjxVAFwI0_Gr0_ Cr1l84ACjcxK6I8E87Iv67AKxVWUJVW8JwA2z4x0Y4vEx4A2jsIEc7CjxVAFwI0_Gr0_Gr 1UM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrVACY4xI64kE6c02F40Ex7xfMcIj6xII jxv20xvE14v26r1Y6r17McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x0Yz7v_Jr0_Gr 1lF7xvr2IYc2Ij64vIr41lF7I21c0EjII2zVCS5cI20VAGYxC7MxkF7I0En4kS14v26r12 6r1DMxAIw28IcxkI7VAKI48JMxC20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E5I8CrVAFwI 0_Jr0_Jr4lx2IqxVCjr7xvwVAFwI0_JrI_JrWlx4CE17CEb7AF67AKxVWUAVWUtwCIc40Y 0x0EwIxGrwCI42IY6xIIjxv20xvE14v26r1j6r1xMIIF0xvE2Ix0cI8IcVCY1x0267AKxV W8JVWxJwCI42IY6xAIw20EY4v20xvaj40_Jr0_JF4lIxAIcVC2z280aVAFwI0_Jr0_Gr1l IxAIcVC2z280aVCY1x0267AKxVW8JVW8JrUvcSsGvfC2KfnxnUUI43ZEXa7VUbb_-PUUUU U== X-CM-SenderInfo: pshqw1xhqjqxpvfd2hldfou0/ Content-Type: text/plain; charset="utf-8" parse_probe_arg() accepts quoted immediate strings and passes the body after the opening quote to __parse_imm_string(). That helper currently computes strlen(str) and immediately dereferences str[len - 1], which underflows when the body is empty. Reject empty immediate strings before checking for the closing quote. Fixes: a42e3c4de964 ("tracing/probe: Add immediate string parameter support= ") Signed-off-by: Pengpeng Hou Reviewed-by: Steven Rostedt (Google) --- Changes since v1: - resend as a standalone patch instead of part of an accidental cross-subsystem 1/4 series kernel/trace/trace_probe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index e0a5dc86c07e..e1c73065dae5 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -1068,7 +1068,7 @@ static int __parse_imm_string(char *str, char **pbuf,= int offs) { size_t len =3D strlen(str); =20 - if (str[len - 1] !=3D '"') { + if (!len || str[len - 1] !=3D '"') { trace_probe_log_err(offs + len, IMMSTR_NO_CLOSE); return -EINVAL; } --=20 2.50.1 (Apple Git-155)