[PATCH V2 13/14] perf tools: Do not accept parse_tag_value() overflow

From: Adrian Hunter
Date: Tue Oct 22 2013 - 03:36:00 EST

Next message: Adrian Hunter: "[PATCH V2 14/14] perf tools: Validate that mmap_pages is not too big"
Previous message: Adrian Hunter: "[PATCH V2 10/14] perf tools: Allow non-matching sample types"
In reply to: Adrian Hunter: "[PATCH V2 10/14] perf tools: Allow non-matching sample types"
Next in thread: Adrian Hunter: "[PATCH V2 14/14] perf tools: Validate that mmap_pages is not too big"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

parse_tag_value() accepts an "unsigned long" and
multiplies it according to a tag character. Do
not accept the value if the multiplication
overflows.

Signed-off-by: Adrian Hunter <adrian.hunter@xxxxxxxxx>
---
tools/perf/util/util.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/tools/perf/util/util.c b/tools/perf/util/util.c
index c25e57b..28a0a89 100644
--- a/tools/perf/util/util.c
+++ b/tools/perf/util/util.c
@@ -386,6 +386,8 @@ unsigned long parse_tag_value(const char *str, struct parse_tag *tags)
if (s != endptr)
break;

+ if (value > ULONG_MAX / i->mult)
+ break;
value *= i->mult;
return value;
}
--
1.7.11.7

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Adrian Hunter: "[PATCH V2 14/14] perf tools: Validate that mmap_pages is not too big"
Previous message: Adrian Hunter: "[PATCH V2 10/14] perf tools: Allow non-matching sample types"
In reply to: Adrian Hunter: "[PATCH V2 10/14] perf tools: Allow non-matching sample types"
Next in thread: Adrian Hunter: "[PATCH V2 14/14] perf tools: Validate that mmap_pages is not too big"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]