From 1c7b4a9b7cc83f750a7d58d5e2f4894a2559f583 Mon Sep 17 00:00:00 2001 From: Mathieu Desnoyers Date: Tue, 9 Oct 2012 12:47:31 -0400 Subject: [PATCH] Fix: memcpy of string is larger than source Hollis Blanchard wrote: > I seem to have hit a little problem with a "hello world" test app and > lttng-ust 2.0.3. lttng-ust.git seems to be affected as well. Basically, > I created a single UST tracepoint, but as soon as I run "lttng > enable-event -u -a", my app segfaults. The problem seems to be that when > creating the event to pass to ltt_event_create(), we try to memcpy the > full 256 bytes of name. However, the name might be shorter, and if we > get unlucky it falls within 256 bytes of the segment boundary... Fixing the 3 sites where this issue arise. Manually inspecting all memcpy in the UST code returned by grep did the job. Reported-by: Hollis Blanchard Signed-off-by: Mathieu Desnoyers --- liblttng-ust/compat.h | 2 +- liblttng-ust/ltt-events.c | 3 ++- liblttng-ust/ltt-probes.c | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/liblttng-ust/compat.h b/liblttng-ust/compat.h index 4d4a4368..43b2223e 100644 --- a/liblttng-ust/compat.h +++ b/liblttng-ust/compat.h @@ -56,7 +56,7 @@ void lttng_ust_getprocname(char *name) if (!bsd_name) name[0] = '\0'; else - memcpy(name, bsd_name, LTTNG_UST_PROCNAME_LEN - 1); + strncpy(name, bsd_name, LTTNG_UST_PROCNAME_LEN - 1); } #endif diff --git a/liblttng-ust/ltt-events.c b/liblttng-ust/ltt-events.c index 32135c85..7a7fd7ef 100644 --- a/liblttng-ust/ltt-events.c +++ b/liblttng-ust/ltt-events.c @@ -246,9 +246,10 @@ int pending_probe_fix_events(const struct lttng_event_desc *desc) memcpy(&event_param, &sw->event_param, sizeof(event_param)); - memcpy(event_param.name, + strncpy(event_param.name, desc->name, sizeof(event_param.name)); + event_param.name[sizeof(event_param.name) - 1] = '\0'; /* create event */ ret = ltt_event_create(sw->chan, &event_param, &ev); diff --git a/liblttng-ust/ltt-probes.c b/liblttng-ust/ltt-probes.c index d04ce221..aeb6db65 100644 --- a/liblttng-ust/ltt-probes.c +++ b/liblttng-ust/ltt-probes.c @@ -390,9 +390,10 @@ void ltt_probes_create_wildcard_events(struct wildcard_entry *entry, memcpy(&event_param, &wildcard->event_param, sizeof(event_param)); - memcpy(event_param.name, + strncpy(event_param.name, event_desc->name, sizeof(event_param.name)); + event_param.name[sizeof(event_param.name) - 1] = '\0'; /* create event */ ret = ltt_event_create(wildcard->chan, &event_param, &ev); -- 2.34.1