From 2e3bc18672f0cede0332ae3194eb2e33d4cc5fd7 Mon Sep 17 00:00:00 2001 From: Matthias Maennich Date: Thu, 18 Nov 2021 19:44:50 +0000 Subject: [PATCH] dwfl: fix potential overflow when reporting on kernel modules dwfl_linux_kernel_report_modules_ has an outstanding ancient bug when reading kernel module information from a modules list file. The target buffer for the module name was sized too small to hold potential values. Fix that by increasing the value to account for the null termination. In practice, this unlikely ever happened, but it now got diagnosed by LLVM as part of a stricter -Wfortify-source implementation [1]: libdwfl/linux-kernel-modules.c:1019:7: error: 'sscanf' may overflow; destination buffer in argument 3 has size 128, but the corresponding specifier may require size 129 [-Werror,-Wfortify-source] modname, &modsz, &modaddr) == 3) [1] https://github.com/llvm/llvm-project/commit/2db66f8d48beeea835cb9a6940e25bc04ab5d941 Suggested-by: Paul Pluzhnikov Signed-off-by: Matthias Maennich --- libdwfl/ChangeLog | 5 +++++ libdwfl/linux-kernel-modules.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog index f7e24a211..57b2c494c 100644 --- a/libdwfl/ChangeLog +++ b/libdwfl/ChangeLog @@ -1,3 +1,8 @@ +2021-11-18 Matthias Maennich + + * linux-kernel-modules.c (dwfl_linux_kernel_report_modules): + Add one to modname array size. + 2021-02-14 Alexander Miller * core-file.c (dwfl_core_file_report): Move NEW_VERSION before diff --git a/libdwfl/linux-kernel-modules.c b/libdwfl/linux-kernel-modules.c index c0f8dfa4a..58c0c417a 100644 --- a/libdwfl/linux-kernel-modules.c +++ b/libdwfl/linux-kernel-modules.c @@ -1008,7 +1008,7 @@ dwfl_linux_kernel_report_modules (Dwfl *dwfl) int result = 0; Dwarf_Addr modaddr; unsigned long int modsz; - char modname[128]; + char modname[128+1]; char *line = NULL; size_t linesz = 0; /* We can't just use fscanf here because it's not easy to distinguish \n -- 2.47.2