Commit-ID: 7c5b019e3a638a5a290b0ec020f6ca83d2ec2aaa Gitweb: https://git.kernel.org/tip/7c5b019e3a638a5a290b0ec020f6ca83d2ec2aaa Author: Tony Jones <to...@suse.de> AuthorDate: Wed, 27 Feb 2019 17:55:32 -0800 Committer: Arnaldo Carvalho de Melo <a...@redhat.com> CommitDate: Thu, 28 Feb 2019 16:06:47 -0300
tools lib traceevent: Fix buffer overflow in arg_eval Fix buffer overflow observed when running perf test. The overflow is when trying to evaluate "1ULL << (64 - 1)" which is resulting in -9223372036854775808 which overflows the 20 character buffer. If is possible this bug has been reported before but I still don't see any fix checked in: See: https://www.spinics.net/lists/linux-perf-users/msg07714.html Reported-by: Michael Sartain <mikes...@fastmail.com> Reported-by: Mathias Krause <mini...@googlemail.com> Signed-off-by: Tony Jones <to...@suse.de> Acked-by: Steven Rostedt (VMware) <rost...@goodmis.org> Cc: Frederic Weisbecker <fweis...@gmail.com> Fixes: f7d82350e597 ("tools/events: Add files to create libtraceevent.a") Link: http://lkml.kernel.org/r/20190228015532.8941-1-to...@suse.de Signed-off-by: Arnaldo Carvalho de Melo <a...@redhat.com> --- tools/lib/traceevent/event-parse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c index abd4fa5d3088..87494c7c619d 100644 --- a/tools/lib/traceevent/event-parse.c +++ b/tools/lib/traceevent/event-parse.c @@ -2457,7 +2457,7 @@ static int arg_num_eval(struct tep_print_arg *arg, long long *val) static char *arg_eval (struct tep_print_arg *arg) { long long val; - static char buf[20]; + static char buf[24]; switch (arg->type) { case TEP_PRINT_ATOM:
