Page MenuHomeFreeBSD
Differential D30778

dtrace: fix an out of bound read and a NULL pointer increment
ClosedPublic
Actions

Authored by domagoj.stolfa_gmail.com on Jun 15 2021, 8:20 PM.
Tags
Referenced Files
Unknown Object (File)
Fri, Nov 15, 2:34 PM
Unknown Object (File)
Thu, Nov 14, 12:42 AM
Unknown Object (File)
Wed, Nov 13, 7:39 AM
Unknown Object (File)
Tue, Nov 12, 6:53 PM
Unknown Object (File)
Tue, Nov 12, 3:44 PM
Unknown Object (File)
Mon, Nov 11, 9:59 PM
Unknown Object (File)
Mon, Nov 11, 3:48 AM
Unknown Object (File)
Sun, Nov 10, 3:31 AM
View All 35 Files
Subscribers
None

Details

Reviewers
markj
gnn
Group Reviewers
DTrace
Commits
rGa877965fa3da: dtrace: fix an out of bound read and a NULL pointer increment
Summary

In dt_cc.c when the provider is an empty string, accessing strlen(pdp->dtpd_provider) - 1 will result in a pdp->dtpd_provider[-1] access.

Similarly, in dt_ident.c, if p2 is a NULL pointer, doing a p2++ on it is undefined behaviour.

Signed-off-by: Domagoj Stolfa <domagoj.stolfa@gmail.com>
Sponsored by: Google

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

domagoj.stolfa_gmail.com created this revision.Jun 15 2021, 8:20 PM
Herald added a reviewer: gnn. · View Herald TranscriptJun 15 2021, 8:20 PM
domagoj.stolfa_gmail.com requested review of this revision.Jun 15 2021, 8:20 PM
markj accepted this revision as: markj.Jun 15 2021, 8:53 PM

If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.

cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c
215–216

I think these two lines could just be p2 = strchr(p2 + 1, ','); but I don't have a strong preference.

This revision is now accepted and ready to land.Jun 15 2021, 8:53 PM
domagoj.stolfa_gmail.com added a comment.Jun 16 2021, 3:01 PM
In D30778#691982, @markj wrote:

If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.

You can add a Signed-off-by: domagoj.stolfa@gmail.com if you'd like and a Sponsored by: Google.

Thanks!

domagoj.stolfa_gmail.com edited the summary of this revision. (Show Details)Jun 16 2021, 3:02 PM
domagoj.stolfa_gmail.com edited the summary of this revision. (Show Details)
markj added a comment.Jun 16 2021, 3:41 PM
In D30778#692214, @domagoj.stolfa_gmail.com wrote:
In D30778#691982, @markj wrote:

If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.

You can add a Signed-off-by: domagoj.stolfa@gmail.com if you'd like

I prefer not to since we don't have a policy around it, at least not yet. If you prefer to have it, then I'll keep it.

domagoj.stolfa_gmail.com added a comment.Jun 16 2021, 3:45 PM
In D30778#692250, @markj wrote:
In D30778#692214, @domagoj.stolfa_gmail.com wrote:
In D30778#691982, @markj wrote:

If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.

You can add a Signed-off-by: domagoj.stolfa@gmail.com if you'd like

I prefer not to since we don't have a policy around it, at least not yet. If you prefer to have it, then I'll keep it.

That's fine -- no need to put it in then. Just a "Sponsored by: Google" is fine :). Thanks!

Closed by commit rGa877965fa3da: dtrace: fix an out of bound read and a NULL pointer increment (authored by domagoj.stolfa_gmail.com, committed by markj). · Explain WhyJun 17 2021, 5:54 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rGa877965fa3da: dtrace: fix an out of bound read and a NULL pointer increment.

Revision Contents
Changeset List

PathSize
cddl/
contrib/
opensolaris/
lib/
libdtrace/
common/
6 lines
4 lines

Diff 91023

View Options

cddl/contrib/opensolaris/lib/libdtrace/common/dt_cc.c

Loading...
View Options

cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c

Loading...