bpf: Fix bounds for bpf_prog_get_file_line linfo loop
authorKumar Kartikeya Dwivedi <memxor@gmail.com>
Sat, 5 Jul 2025 05:30:34 +0000 (22:30 -0700)
committerAlexei Starovoitov <ast@kernel.org>
Mon, 7 Jul 2025 15:30:15 +0000 (08:30 -0700)
We may overrun the bounds because linfo and jited_linfo are already
advanced to prog->aux->linfo_idx, hence we must only iterate the
remaining elements until we reach prog->aux->nr_linfo. Adjust the
nr_linfo calculation to fix this. Reported in [0].

  [0]: https://lore.kernel.org/bpf/f3527af3b0620ce36e299e97e7532d2555018de2.camel@gmail.com

Reported-by: Eduard Zingerman <eddyz87@gmail.com>
Fixes: 0e521efaf363 ("bpf: Add function to extract program source info")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20250705053035.3020320-2-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
kernel/bpf/core.c

index fe8a53f3c5bc4190195dd911091b00fb7d0dd67a..61613785bdd0f53f444f5fe2f3544ba4aed8e126 100644 (file)
@@ -3244,6 +3244,7 @@ int bpf_prog_get_file_line(struct bpf_prog *prog, unsigned long ip, const char *
        struct bpf_line_info *linfo;
        void **jited_linfo;
        struct btf *btf;
+       int nr_linfo;
 
        btf = prog->aux->btf;
        linfo = prog->aux->linfo;
@@ -3258,8 +3259,9 @@ int bpf_prog_get_file_line(struct bpf_prog *prog, unsigned long ip, const char *
 
        insn_start = linfo[0].insn_off;
        insn_end = insn_start + len;
+       nr_linfo = prog->aux->nr_linfo - prog->aux->linfo_idx;
 
-       for (int i = 0; i < prog->aux->nr_linfo &&
+       for (int i = 0; i < nr_linfo &&
             linfo[i].insn_off >= insn_start && linfo[i].insn_off < insn_end; i++) {
                if (jited_linfo[i] >= (void *)ip)
                        break;
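Review bot: The assignment `nr_linfo = prog->aux->nr_linfo - prog->aux->linfo_idx;` has no comment saying why the bound is shortened, and the reason is only visible in the commit message, because the code that advances `linfo` and `jited_linfo` sits between the two hunks and is not shown. I would add a comment above the assignment such as `/* linfo and jited_linfo already point at linfo_idx, so only nr_linfo - linfo_idx entries remain in bounds */`, so that a later refactor does not restore the full count and reintroduce the out-of-bounds read. Keeping both `nr_linfo` (declared in the first hunk) and the loop index `i` as signed `int` looks deliberate and worth stating in the same comment: if `linfo_idx` ever exceeded `nr_linfo`, the bound would presumably go negative and the loop would be skipped rather than walking past the array, though the field types in `prog->aux` are not visible here and should be confirmed. The body of `bpf_prog_get_file_line` continues outside this hunk.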