diff mbox

kallsyms: Fix segfault in prefix_underscores_count().

Message ID 20090916064840.GC5805@linux-sh.org (mailing list archive)
State New, archived
Headers show

Commit Message

Paul Mundt Sept. 16, 2009, 6:48 a.m. UTC 
On Wed, Sep 16, 2009 at 02:28:54PM +0800, Li Zefan wrote:
> Paul Mundt wrote:
> > Commit b478b782e110fdb4135caa3062b6d687e989d994 "kallsyms, tracing:
> > output more proper symbol name" introduces a "bugfix" that introduces
> > a segfault in kallsyms in my configurations.
> > 
> > The cause is the introduction of prefix_underscores_count() which
> > attempts to count underscores, even in symbols that do not have them.
> > As a result, it just uselessly runs past the end of the buffer until it
> > crashes:
> > 
> 
> But the fix looks obviously correct, as long as @str is guaranteed
> to be NULL-terminated.
> 
> ...
> > @@ -584,9 +538,14 @@ static int may_be_linker_script_provide_symbol(const struct sym_entry *se)
> >  static int prefix_underscores_count(const char *str)
> >  {
> >  	const char *tail = str;
> > +	size_t len = strlen(str);
> > +
> > +	while (*tail != '_') {
> > +		if (!len--)
> > +			return 0;
> >  
> > -	while (*tail != '_')
> >  		tail++;
> > +	}
> 
> Can be simplified as:
> 
> 	while (*tail != '\0' && *tail != '_')
> 		tail++;
> 
> But..as the name "prefix_underscores_count" suggests, shouldn't
> it be:
> 	while (*tail == '_')
> 		tail++;
> ??
> 
Yes, that was what I did initially as well, but the behaviour is not
exactly the same, and I wanted an explanation from Lai if there were some
other intentions for the code. In any event, simplifying it still manages
to do the right thing, so I'm fine with that.

------------------------
Subject: [PATCH] kallsyms: Fix segfault in prefix_underscores_count().

Commit b478b782e110fdb4135caa3062b6d687e989d994 "kallsyms, tracing:
output more proper symbol name" introduces a "bugfix" that introduces
a segfault in kallsyms in my configurations.

The cause is the introduction of prefix_underscores_count() which
attempts to count underscores, even in symbols that do not have them.
As a result, it just uselessly runs past the end of the buffer until it
crashes:

  CC      init/version.o
  LD      init/built-in.o
  LD      .tmp_vmlinux1
  KSYM    .tmp_kallsyms1.S
/bin/sh: line 1: 16934 Done                    sh-linux-gnu-nm -n .tmp_vmlinux1
     16935 Segmentation fault      | scripts/kallsyms > .tmp_kallsyms1.S
make: *** [.tmp_kallsyms1.S] Error 139

This simplifies the logic and just does a straightforward count.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>

---

 scripts/kallsyms.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--
To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Li Zefan Sept. 16, 2009, 7:06 a.m. UTC | #1 
>> But..as the name "prefix_underscores_count" suggests, shouldn't
>> it be:
>> 	while (*tail == '_')
>> 		tail++;
>> ??
>>
> Yes, that was what I did initially as well, but the behaviour is not
> exactly the same, and I wanted an explanation from Lai if there were some
> other intentions for the code. In any event, simplifying it still manages
> to do the right thing, so I'm fine with that.
> 

I know what happened.

Lai sent this patch:
	http://lkml.org/lkml/2009/3/13/72

And he himself found the bug, and fixed it and resent it:
	http://lkml.org/lkml/2009/3/13/156

But Andrew mistakenly picked up the former one.

> ------------------------
> Subject: [PATCH] kallsyms: Fix segfault in prefix_underscores_count().
> 
> Commit b478b782e110fdb4135caa3062b6d687e989d994 "kallsyms, tracing:
> output more proper symbol name" introduces a "bugfix" that introduces
> a segfault in kallsyms in my configurations.
> 
> The cause is the introduction of prefix_underscores_count() which
> attempts to count underscores, even in symbols that do not have them.
> As a result, it just uselessly runs past the end of the buffer until it
> crashes:
> 
>   CC      init/version.o
>   LD      init/built-in.o
>   LD      .tmp_vmlinux1
>   KSYM    .tmp_kallsyms1.S
> /bin/sh: line 1: 16934 Done                    sh-linux-gnu-nm -n .tmp_vmlinux1
>      16935 Segmentation fault      | scripts/kallsyms > .tmp_kallsyms1.S
> make: *** [.tmp_kallsyms1.S] Error 139
> 
> This simplifies the logic and just does a straightforward count.
> 
> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
> 

Reviewed-by: Li Zefan <lizf@cn.fujitsu.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c
index 64343cc..86c3896 100644
--- a/scripts/kallsyms.c
+++ b/scripts/kallsyms.c
@@ -585,7 +585,7 @@  static int prefix_underscores_count(const char *str)
 {
 	const char *tail = str;
 
-	while (*tail != '_')
+	while (*tail == '_')
 		tail++;
 
 	return tail - str;