There could be something wrong in the symbol name buffer for
a kernel module. That could lead to reading from outside of
"strbuf" in crash util code.

Fix:
Check the index VS strbuf size and skip that symbol in case of
out of band.

Signed-off-by: Wengang Wang <[email protected]>
---
 symbols.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/symbols.c b/symbols.c
index 5d7da6e..0b68ba9 100644
--- a/symbols.c
+++ b/symbols.c
@@ -1965,12 +1965,20 @@ store_module_symbols_v2(ulong total, int mods_installed)
 
                        BZERO(buf1, BUFSIZE);
 
-                       if (strbuf) 
-                               strcpy(buf1,
-                                       &strbuf[modsym_name(gpl_syms, modsym, 
i) - first]);
-                       else 
+                       if (strbuf) {
+                               unsigned long addr = modsym_name(gpl_syms, 
modsym, i);
+                               unsigned long index = addr - first;
+
+                               if (index < strbuflen)
+                                       strncpy(buf1,
+                                               &strbuf[index], BUFSIZE - 1);
+                               else
+                                       fprintf(fp, "\nWarning: module \"%s\" 
has invalid address %lx for %dth symbol\n",
+                                               lm->mod_name, addr, i);
+                       } else {
                                read_string(modsym_name(gpl_syms, modsym, i), 
buf1,
                                        BUFSIZE-1);
+                       }
 
                        if (strlen(buf1)) {
                                st->ext_module_symtable[mcnt].value = 
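Review bot: the new `if (index < strbuflen)` check only bounds the start of the string, not the copy itself: `strncpy(buf1, &strbuf[index], BUFSIZE - 1)` may still read up to BUFSIZE - 1 bytes past `strbuf[index]`, so a symbol whose name is not NUL-terminated before the end of `strbuf` can still read beyond the buffer when `strbuflen - index` is smaller than BUFSIZE - 1. Suggest limiting the copy to the remaining space, e.g. `strncpy(buf1, &strbuf[index], MIN(BUFSIZE - 1, strbuflen - index));` (buf1 is zeroed by the preceding `BZERO(buf1, BUFSIZE)`, so termination is preserved). The unsigned subtraction `addr - first` is fine as written since an `addr < first` case wraps to a large value and fails the same check, but a short comment saying so would help the next reader; "%dth symbol" in the warning also reads oddly for i = 1, 2, 3 and could be "symbol %d".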
-- 
2.21.0 (Apple Git-122.2)

--
Crash-utility mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/crash-utility
