1. Patchew
  2. linux
  3. [PATCH v2 0/3] rtla: fix cgroup and trace options parsing
  4. View patch

[PATCH v2 1/3] rtla: fix buffer overflow in actions_parse

Ivan Pravdin posted 3 patches 1 month, 3 weeks ago
There is a newer version of this series
[PATCH v2 1/3] rtla: fix buffer overflow in actions_parse
Posted by Ivan Pravdin 1 month, 3 weeks ago 
Currently, tests 3 and 13-22 in tests/timerlat.t fail with error:

    *** buffer overflow detected ***: terminated
    timeout: the monitored command dumped core

The result of running `sudo make check` is

    tests/timerlat.t (Wstat: 0 Tests: 22 Failed: 11)
      Failed tests:  3, 13-22
    Files=3, Tests=34, 140 wallclock secs ( 0.07 usr  0.01 sys + 27.63 cusr
    27.96 csys = 55.67 CPU)
    Result: FAIL

Fix buffer overflow in actions_parse to avoid this error. After this
change, the tests results are

    tests/hwnoise.t ... ok
    tests/osnoise.t ... ok
    tests/timerlat.t .. ok
    All tests successful.
    Files=3, Tests=34, 186 wallclock secs ( 0.06 usr  0.01 sys + 41.10 cusr
    44.38 csys = 85.55 CPU)
    Result: PASS

Fixes: 6ea082b171e0 ("rtla/timerlat: Add action on threshold feature")
Signed-off-by: Ivan Pravdin <ipravdin.official@gmail.com>
---
 tools/tracing/rtla/src/actions.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/tracing/rtla/src/actions.c b/tools/tracing/rtla/src/actions.c
index aaf0808125d7..eab51c0c0ce2 100644
--- a/tools/tracing/rtla/src/actions.c
+++ b/tools/tracing/rtla/src/actions.c
@@ -131,7 +131,7 @@ actions_parse(struct actions *self, const char *trigger)
 {
 	enum action_type type = ACTION_NONE;
 	char *token;
-	char trigger_c[strlen(trigger)];
+	char trigger_c[strlen(trigger) + 1];
 
 	/* For ACTION_SIGNAL */
 	int signal = 0, pid = 0;
-- 
2.48.1
Re: [PATCH v2 1/3] rtla: fix buffer overflow in actions_parse
Posted by Tomas Glozar 1 month, 1 week ago 
út 12. 8. 2025 v 19:21 odesílatel Ivan Pravdin
<ipravdin.official@gmail.com> napsal:
>
> Currently, tests 3 and 13-22 in tests/timerlat.t fail with error:
>
>     *** buffer overflow detected ***: terminated
>     timeout: the monitored command dumped core
>
> The result of running `sudo make check` is
>
>     tests/timerlat.t (Wstat: 0 Tests: 22 Failed: 11)
>       Failed tests:  3, 13-22
>     Files=3, Tests=34, 140 wallclock secs ( 0.07 usr  0.01 sys + 27.63 cusr
>     27.96 csys = 55.67 CPU)
>     Result: FAIL
>

Interestingly, I don't get this failure on my machine. Maybe due to
some compiler difference, the buffer overflow is not caught. Thank you
for the fix. Since the "signal" field is next to the buffer, and is
written after the strcpy, this might corrupt the PID number reading
for a command like:

$ rtla timerlat hist -D --on-threshold signal,num=2,pid=42

Reviewed-by: Tomas Glozar <tglozar@redhat.com>

Tomas

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.