diff options
author | Sohom Datta <sohomdatta1@gmail.com> | 2022-12-04 16:28:35 +0530 |
---|---|---|
committer | Arnaldo Carvalho de Melo <acme@redhat.com> | 2023-01-18 10:33:00 -0300 |
commit | 85c44913969bd27f15229c39383da1291800d7e9 (patch) | |
tree | 491b75227f34dd06a6012d4ab502ba3dc72f874c | |
parent | c905ecfbb8e5d54bbcdd2a1706b925baf1728cfe (diff) | |
download | linux-85c44913969bd27f15229c39383da1291800d7e9.tar.bz2 |
perf expr: Prevent normalize() from reading into undefined memory in the expression lexer
The current implementation does not account for a trailing backslash
followed by a null-byte.
If a null-byte is encountered following a backslash, normalize() will
continue reading (and potentially writing) into garbage memory ignoring
the EOS null-byte.
Signed-off-by: Sohom Datta <sohomdatta1+git@gmail.com>
Acked-by: Ian Rogers <irogers@google.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: https://lore.kernel.org/r/20221204105836.1012885-1-sohomdatta1+git@gmail.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-rw-r--r-- | tools/perf/util/expr.l | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l index 0168a9637330..d47de5f270a8 100644 --- a/tools/perf/util/expr.l +++ b/tools/perf/util/expr.l @@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime) char *dst = str; while (*str) { - if (*str == '\\') + if (*str == '\\') { *dst++ = *++str; + if (!*str) + break; + } else if (*str == '?') { char *paramval; int i = 0; |