From c6ced91f3c12de5906a1b9c898ceaf334424a9d1 Mon Sep 17 00:00:00 2001
From: Quentin Perret
Date: Fri, 14 Dec 2018 09:05:20 +0000
Subject: [PATCH] ANDROID: sched/events: Fix out of bound memory access
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
GCC 8 provides the following warning: ./include/trace/events/sched.h:736:3: warning: ‘memcpy’ forming offset [8, 16] is out of the bounds [0, 7] [-Warray-bounds] memcpy(__entry->comm, p ? p->comm : "(null)", TASK_COMM_LEN); Indeed, in the case where p==NULL, we copy TASK_COMM_LEN bytes from the memory location where "(null)" is stored, which is incorrect. Fix this by making sure to pass the right size parameter to memcpy in all cases.
Bug: 120440300
Test: Compilation warning gone, no changes noticed in traces
Fixes: acfe25da3551 ("ANDROID: sched/events: Introduce sched_entity load tracking trace event")
Change-Id: Id93c9c0265f10c09b731daca25401696785b4b1e
Suggested-by: Dietmar Eggemann
Signed-off-by: Quentin Perret
---
 include/trace/events/sched.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/trace/events/sched.h b/include/trace/events/sched.h
index 76c6ae3d422e..ccc96c0738bb 100644
--- a/include/trace/events/sched.h
+++ b/include/trace/events/sched.h
@@ -748,7 +748,8 @@ TRACE_EVENT(sched_load_se,
 __entry->cpu = __trace_sched_cpu(gcfs_rq, se);
 __trace_sched_path(gcfs_rq, __get_dynamic_array(path),
 __get_dynamic_array_len(path));
- memcpy(__entry->comm, p ? p->comm : "(null)", TASK_COMM_LEN);
+ memcpy(__entry->comm, p ? p->comm : "(null)",
+ p ? TASK_COMM_LEN : sizeof("(null)"));
 __entry->pid = p ? p->pid : -1;
 __entry->load = se->avg.load_avg;
 __entry->util = se->avg.util_avg;
--
2.20.1
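Review bot: In the `p == NULL` arm of the new `memcpy`, only `sizeof("(null)")` (7) bytes of `__entry->comm` are written, so the rest of the field (presumably TASK_COMM_LEN bytes, given the other arm) keeps whatever the trace buffer slot held before, unless the entry is zeroed on reservation, which this hunk does not show. Formatted output stops at the NUL, but a reader of the raw record would see the stale bytes, so the fix for the over-read leaves an uninitialized tail behind. I would add `memset(__entry->comm, 0, TASK_COMM_LEN);` before the `memcpy`, with a short comment that the tail is cleared so no old buffer contents are exported. The enclosing assignment block of TRACE_EVENT(sched_load_se) starts and ends outside the hunk, so an earlier clear there cannot be ruled out.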