tracing: Don't make assumptions about length of string on task rename
author Sasha Levin <sasha.levin@oracle.com>
Fri, 28 Aug 2015 11:06:58 +0000 (07:06 -0400)
committer Steven Rostedt <rostedt@goodmis.org>
Mon, 31 Aug 2015 14:47:14 +0000 (10:47 -0400)
While the dest comm string size is assured to be at least TASK_COMM_LEN long,
doing a memcpy() also adds the assumption that the source is at least that
long as well, which isn't assured, and isn't true in cases such as:

set_task_comm(worker->task, "kworker/dying");

This leads to accessing invalid memory.

Link: http://lkml.kernel.org/r/1440760018-1557-1-git-send-email-sasha.levin@oracle.com
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
include/trace/events/task.h

index dee3bb1d5a6b5b28d001b98f46ea9694d7a6bb65..2cca6cd342d897f90269cf1542df40d4a1858a18 100644 (file)
@@ -46,7 +46,7 @@ TRACE_EVENT(task_rename,
        TP_fast_assign(
                __entry->pid = task->pid;
                memcpy(entry->oldcomm, task->comm, TASK_COMM_LEN);
-               memcpy(entry->newcomm, comm, TASK_COMM_LEN);
+               strlcpy(entry->newcomm, comm, TASK_COMM_LEN);
                __entry->oom_score_adj = task->signal->oom_score_adj;
        ),
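Review bot: the added strlcpy() line writes newcomm only up to and including the terminator, where the removed memcpy() wrote all TASK_COMM_LEN bytes. Unless the event entry is zeroed before TP_fast_assign runs, which these lines do not show, the tail of newcomm keeps whatever was previously in the buffer, and anything that reads the raw record instead of printing the field as a string will see it. Consider clearing the field first, or using a copy that zero-pads and then forcing the last byte to NUL. A short comment would also help, saying why oldcomm can stay a fixed-size memcpy() (its source, task->comm, is at least TASK_COMM_LEN long per the commit message) while newcomm cannot.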