queue-4.19/tools-lib-traceevent-fix-buffer-overflow-in-arg_eval.patch

   1 From 62c6d6ac1f3bb1ecabdd04f778be62d8912c4f9f Mon Sep 17 00:00:00 2001
   2 From: Tony Jones <tonyj@suse.de>
   3 Date: Wed, 27 Feb 2019 17:55:32 -0800
   4 Subject: tools lib traceevent: Fix buffer overflow in arg_eval
   5
   6 [ Upstream commit 7c5b019e3a638a5a290b0ec020f6ca83d2ec2aaa ]
   7
   8 Fix buffer overflow observed when running perf test.
   9
  10 The overflow is when trying to evaluate "1ULL << (64 - 1)" which is
  11 resulting in -9223372036854775808 which overflows the 20 character
  12 buffer.
  13
  14 If is possible this bug has been reported before but I still don't see
  15 any fix checked in:
  16
  17 See: https://www.spinics.net/lists/linux-perf-users/msg07714.html
  18
  19 Reported-by: Michael Sartain <mikesart@fastmail.com>
  20 Reported-by: Mathias Krause <minipli@googlemail.com>
  21 Signed-off-by: Tony Jones <tonyj@suse.de>
  22 Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
  23 Cc: Frederic Weisbecker <fweisbec@gmail.com>
  24 Fixes: f7d82350e597 ("tools/events: Add files to create libtraceevent.a")
  25 Link: http://lkml.kernel.org/r/20190228015532.8941-1-tonyj@suse.de
  26 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
  27 Signed-off-by: Sasha Levin <sashal@kernel.org>
  28 ---
  29  tools/lib/traceevent/event-parse.c | 2 +-
  30  1 file changed, 1 insertion(+), 1 deletion(-)
  31
  32 diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c
  33 index 75de355a63d6..10985d991ed2 100644
  34 --- a/tools/lib/traceevent/event-parse.c
  35 +++ b/tools/lib/traceevent/event-parse.c
  36 @@ -2416,7 +2416,7 @@ static int arg_num_eval(struct print_arg *arg, long long *val)
  37  static char *arg_eval (struct print_arg *arg)
  38  {
  39         long long val;
  40 -       static char buf[20];
  41 +       static char buf[24];
  42
  43         switch (arg->type) {
  44         case PRINT_ATOM:
  45 --
  46 2.19.1
  47