a9c51ea1dd
commit db2c549407d4a76563c579e4768f7d6d32afefba upstream.
This patch fixes an off-by-one error in strncpy size argument in
tools/perf/util/map.c. The issue is that in:
strncmp(filename, "/system/lib/", 11)
the passed string literal: "/system/lib/" has 12 bytes (without the NULL
byte) and the passed size argument is 11. As a result, the logic won't
match the ending "/" byte and will pass filepaths that are stored in
other directories e.g. "/system/libmalicious/bin" or just
"/system/libmalicious".
This functionality seems to be present only on Android. I assume the
/system/ directory is only writable by the root user, so I don't think
this bug has much (or any) security impact.
Fixes: eca818369996 ("perf tools: Add automatic remapping of Android libraries")
Signed-off-by: disconnect3d <dominik.b.czarnota@gmail.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Changbin Du <changbin.du@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: John Keeping <john@metanate.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Michael Lentine <mlentine@google.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <songliubraving@fb.com>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lore.kernel.org/lkml/20200309104855.3775-1-dominik.b.czarnota@gmail.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|---|---|---|
| .. | ||
| include | ||
| intel-pt-decoder | ||
| scripting-engines | ||
| abspath.c | ||
| alias.c | ||
| annotate.c | ||
| annotate.h | ||
| auxtrace.c | ||
| auxtrace.h | ||
| bitmap.c | ||
| bpf-loader.c | ||
| bpf-loader.h | ||
| Build | ||
| build-id.c | ||
| build-id.h | ||
| cache.h | ||
| callchain.c | ||
| callchain.h | ||
| cgroup.c | ||
| cgroup.h | ||
| cloexec.c | ||
| cloexec.h | ||
| color.c | ||
| color.h | ||
| comm.c | ||
| comm.h | ||
| config.c | ||
| counts.c | ||
| counts.h | ||
| cpumap.c | ||
| cpumap.h | ||
| ctype.c | ||
| data-convert-bt.c | ||
| data-convert-bt.h | ||
| data.c | ||
| data.h | ||
| db-export.c | ||
| db-export.h | ||
| debug.c | ||
| debug.h | ||
| dso.c | ||
| dso.h | ||
| dwarf-aux.c | ||
| dwarf-aux.h | ||
| env.c | ||
| env.h | ||
| environment.c | ||
| event.c | ||
| event.h | ||
| evlist.c | ||
| evlist.h | ||
| evsel.c | ||
| evsel.h | ||
| exec_cmd.c | ||
| exec_cmd.h | ||
| find-vdso-map.c | ||
| generate-cmdlist.sh | ||
| header.c | ||
| header.h | ||
| help.c | ||
| help.h | ||
| hist.c | ||
| hist.h | ||
| intel-bts.c | ||
| intel-bts.h | ||
| intel-pt.c | ||
| intel-pt.h | ||
| intlist.c | ||
| intlist.h | ||
| kvm-stat.h | ||
| levenshtein.c | ||
| levenshtein.h | ||
| llvm-utils.c | ||
| llvm-utils.h | ||
| lzma.c | ||
| machine.c | ||
| machine.h | ||
| map.c | ||
| map.h | ||
| ordered-events.c | ||
| ordered-events.h | ||
| pager.c | ||
| parse-branch-options.c | ||
| parse-branch-options.h | ||
| parse-events.c | ||
| parse-events.h | ||
| parse-events.l | ||
| parse-events.y | ||
| parse-options.c | ||
| parse-options.h | ||
| parse-regs-options.c | ||
| parse-regs-options.h | ||
| path.c | ||
| perf_regs.c | ||
| perf_regs.h | ||
| PERF-VERSION-GEN | ||
| pmu.c | ||
| pmu.h | ||
| pmu.l | ||
| pmu.y | ||
| probe-event.c | ||
| probe-event.h | ||
| probe-file.c | ||
| probe-file.h | ||
| probe-finder.c | ||
| probe-finder.h | ||
| pstack.c | ||
| pstack.h | ||
| python-ext-sources | ||
| python.c | ||
| quote.c | ||
| quote.h | ||
| rblist.c | ||
| rblist.h | ||
| record.c | ||
| run-command.c | ||
| run-command.h | ||
| session.c | ||
| session.h | ||
| setup.py | ||
| sigchain.c | ||
| sigchain.h | ||
| sort.c | ||
| sort.h | ||
| srcline.c | ||
| stat-shadow.c | ||
| stat.c | ||
| stat.h | ||
| strbuf.c | ||
| strbuf.h | ||
| strfilter.c | ||
| strfilter.h | ||
| string.c | ||
| strlist.c | ||
| strlist.h | ||
| svghelper.c | ||
| svghelper.h | ||
| symbol-elf.c | ||
| symbol-minimal.c | ||
| symbol.c | ||
| symbol.h | ||
| target.c | ||
| target.h | ||
| thread_map.c | ||
| thread_map.h | ||
| thread-stack.c | ||
| thread-stack.h | ||
| thread.c | ||
| thread.h | ||
| tool.h | ||
| top.c | ||
| top.h | ||
| trace-event-info.c | ||
| trace-event-parse.c | ||
| trace-event-read.c | ||
| trace-event-scripting.c | ||
| trace-event.c | ||
| trace-event.h | ||
| tsc.c | ||
| tsc.h | ||
| unwind-libdw.c | ||
| unwind-libdw.h | ||
| unwind-libunwind.c | ||
| unwind.h | ||
| usage.c | ||
| util.c | ||
| util.h | ||
| values.c | ||
| values.h | ||
| vdso.c | ||
| vdso.h | ||
| wrapper.c | ||
| xyarray.c | ||
| xyarray.h | ||
| zlib.c | ||