From: Mathieu Desnoyers Date: Tue, 9 Oct 2012 16:47:31 +0000 (-0400) Subject: Fix: memcpy of string is larger than source X-Git-Tag: v2.1.0-rc2~27 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=1c7b4a9b7cc83f750a7d58d5e2f4894a2559f583;p=lttng-ust.git Fix: memcpy of string is larger than source Hollis Blanchard wrote: > I seem to have hit a little problem with a "hello world" test app and > lttng-ust 2.0.3. lttng-ust.git seems to be affected as well. Basically, > I created a single UST tracepoint, but as soon as I run "lttng > enable-event -u -a", my app segfaults. The problem seems to be that when > creating the event to pass to ltt_event_create(), we try to memcpy the > full 256 bytes of name. However, the name might be shorter, and if we > get unlucky it falls within 256 bytes of the segment boundary... Fixing the 3 sites where this issue arise. Manually inspecting all memcpy in the UST code returned by grep did the job. Reported-by: Hollis Blanchard Signed-off-by: Mathieu Desnoyers --- diff --git a/liblttng-ust/compat.h b/liblttng-ust/compat.h index 4d4a4368..43b2223e 100644 --- a/liblttng-ust/compat.h +++ b/liblttng-ust/compat.h @@ -56,7 +56,7 @@ void lttng_ust_getprocname(char *name) if (!bsd_name) name[0] = '\0'; else - memcpy(name, bsd_name, LTTNG_UST_PROCNAME_LEN - 1); + strncpy(name, bsd_name, LTTNG_UST_PROCNAME_LEN - 1); } #endif diff --git a/liblttng-ust/ltt-events.c b/liblttng-ust/ltt-events.c index 32135c85..7a7fd7ef 100644 --- a/liblttng-ust/ltt-events.c +++ b/liblttng-ust/ltt-events.c @@ -246,9 +246,10 @@ int pending_probe_fix_events(const struct lttng_event_desc *desc) memcpy(&event_param, &sw->event_param, sizeof(event_param)); - memcpy(event_param.name, + strncpy(event_param.name, desc->name, sizeof(event_param.name)); + event_param.name[sizeof(event_param.name) - 1] = '\0'; /* create event */ ret = ltt_event_create(sw->chan, &event_param, &ev); diff --git a/liblttng-ust/ltt-probes.c b/liblttng-ust/ltt-probes.c index d04ce221..aeb6db65 100644 --- a/liblttng-ust/ltt-probes.c +++ b/liblttng-ust/ltt-probes.c @@ -390,9 +390,10 @@ void ltt_probes_create_wildcard_events(struct wildcard_entry *entry, memcpy(&event_param, &wildcard->event_param, sizeof(event_param)); - memcpy(event_param.name, + strncpy(event_param.name, event_desc->name, sizeof(event_param.name)); + event_param.name[sizeof(event_param.name) - 1] = '\0'; /* create event */ ret = ltt_event_create(wildcard->chan, &event_param, &ev);