Hi Wengang,

Thanks for the patch.

-----Original Message-----
> There could be something wrong in the symbol name buffer for
> a kernel module. That could lead to reading from outside of
> "strbuf" in crash util code.

Do you mean that there is something wrong in the kernel and the patch
is a fail-safe for that?
If so, do you have any evidence or debugging information that can
determine whether the kernel causes the issue?

If there is likely to be a bug in the crash utility, I'd like to debug
the root cause more.

Thanks,
Kazu

> 
> Fix:
> Check the index VS strbuf size and skip that symbol in case of
> out of band.
> 
> Signed-off-by: Wengang Wang <[email protected]>
> ---
>  symbols.c | 16 ++++++++++++----
>  1 file changed, 12 insertions(+), 4 deletions(-)
> 
> diff --git a/symbols.c b/symbols.c
> index 5d7da6e..0b68ba9 100644
> --- a/symbols.c
> +++ b/symbols.c
> @@ -1965,12 +1965,20 @@ store_module_symbols_v2(ulong total, int 
> mods_installed)
> 
>                       BZERO(buf1, BUFSIZE);
> 
> -                     if (strbuf)
> -                             strcpy(buf1,
> -                                     &strbuf[modsym_name(gpl_syms, modsym, 
> i) - first]);
> -                     else
> +                     if (strbuf) {
> +                             unsigned long addr = modsym_name(gpl_syms, 
> modsym, i);
> +                             unsigned long index = addr - first;
> +
> +                             if (index < strbuflen)
> +                                     strncpy(buf1,
> +                                             &strbuf[index], BUFSIZE - 1);
> +                             else
> +                                     fprintf(fp, "\nWarning: module \"%s\" 
> has invalid address %lx for %dth
> symbol\n",
> +                                             lm->mod_name, addr, i);
> +                     } else {
>                               read_string(modsym_name(gpl_syms, modsym, i), 
> buf1,
>                                       BUFSIZE-1);
> +                     }
> 
>                       if (strlen(buf1)) {
>                               st->ext_module_symtable[mcnt].value =
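
Review bot: In the `if (index < strbuflen)` branch the check only validates where the copy starts, so `strncpy(buf1, &strbuf[index], BUFSIZE - 1)` can still read past the end of strbuf when no NUL byte occurs in the remaining `strbuflen - index` bytes. Since the premise of the patch is that the name buffer may be corrupt, the copy length should be capped at the smaller of `BUFSIZE - 1` and `strbuflen - index`. The unsigned subtraction `addr - first` does make an address below `first` wrap to a large index that the comparison rejects, which is worth a one-line comment. The warning prints `i` with `%d`, so confirm its type matches. It would also help if the message said the symbol is being skipped, which is what happens here because `buf1` stays zeroed and the following `if (strlen(buf1))` is false.
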
> --
> 2.21.0 (Apple Git-122.2)
> 
> --
> Crash-utility mailing list
> [email protected]
> https://listman.redhat.com/mailman/listinfo/crash-utility

