[PATCH v2] trace-cmd: prevent print_graph_duration buffer overflow

From: Chase Douglas
Date: Tue Jun 15 2010 - 10:47:18 EST

Passing n > sizeof(string) to snprintf can cause a glibc buffer overflow
condition. We know the exact size of nsecs_str, so use it along with the
math to determine the longest string size we want.

Note that an overflow isn't really possible given the format of the
string. However, glibc would abort due to a runtime check.

Signed-off-by: Chase Douglas <chase.douglas@xxxxxxxxxxxxx>
trace-ftrace.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/trace-ftrace.c b/trace-ftrace.c
index af9ac8d..181a00f 100644
--- a/trace-ftrace.c
+++ b/trace-ftrace.c
@@ -21,6 +21,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/param.h>

#include "trace-cmd.h"
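Review bot: The added `#include <sys/param.h>` brings in a non-standard system header only to obtain `MIN` for the one call in print_graph_duration. A small local macro, or an explicit comparison at the call site, would avoid relying on that header to define `MIN`.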

@@ -148,7 +149,7 @@ static void print_graph_duration(struct trace_seq *s, unsigned long long duratio

/* Print nsecs (we don't want to exceed 7 numbers) */
if ((s->len - len) < 7) {
- snprintf(nsecs_str, 8 - (s->len - len), "%03lu", nsecs_rem);
+ snprintf(nsecs_str, MIN(sizeof(nsecs_str), 8 - len), "%03lu", nsecs_rem);
trace_seq_printf(s, ".%s", nsecs_str);
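Review bot: The new bound in the `snprintf` call is `8 - len`, but the removed line and the guard just above it both use `s->len - len`, so the limit no longer tracks how many characters have already been written. If dropping `s->len` is not intended, `MIN(sizeof(nsecs_str), 8 - (s->len - len))` keeps the original digit limit while still capping at the buffer size. Separately, `MIN` here compares a `size_t` with an arithmetic expression; if `len` is a signed int and the expression goes negative, it converts to a large unsigned value and the result silently becomes `sizeof(nsecs_str)`, so an explicit check or cast would make the intended behaviour clear.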


