[PATCH] strace/syscall.c: Fix nsyscalls and MAX_QUALS misuse

Dmitry V. Levin ldv at altlinux.org
Wed Aug 22 21:36:08 UTC 2007


Hi,

On Mon, Aug 20, 2007 at 04:05:25PM -0400, Xiaoning Ding wrote:
> I think these two parts of code in strace version 4.5.15 may be bugs.
> 
> 1. function qualify() in syscall.c.
> 
> The sizes of sysent0, sysent1, and sysent2 are usually smaller than
> MAX_QUALS, which is defined as 5000 for MIPS+LINUX and 2048 for
> others.  The inner loop accesses syscall entries beyond the defined
> scope.

Proposed fix is attached.


-- 
ldv
-------------- next part --------------
2007-08-20  Dmitry V. Levin <ldv at altlinux.org>

	* syscall.c (qual_syscall, qualify): Fix nsyscalls and MAX_QUALS misuse.
	Reported by Xiaoning Ding.

--- syscall.c
+++ syscall.c
@@ -324,18 +324,19 @@ qual_syscall(s, opt, not)
 
   	if (isdigit((unsigned char)*s)) {
  		int i = atoi(s);
- 		if (i < 0 || i >= nsyscalls)
+		if (i < 0 || i >= MAX_QUALS)
  			return -1;
  		qualify_one(i, opt, not, -1);
  		return 0;
 	}
-	for (i = 0; i < nsyscalls; i++) {
+	for (i = 0; i < nsyscalls0; i++)
 		if (strcmp(s, sysent0[i].sys_name) == 0) {
 			qualify_one(i, opt, not, 0);
 			rc = 0;
 		}
 
 #if SUPPORTED_PERSONALITIES >= 2
+	for (i = 0; i < nsyscalls1; i++)
 		if (strcmp(s, sysent1[i].sys_name) == 0) {
 			qualify_one(i, opt, not, 1);
 			rc = 0;
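Review bot: The numeric branch at the top of this hunk still parses the argument with `atoi(s)`, which reports no errors, has undefined behaviour when the value does not fit in an int, and accepts trailing garbage such as `12abc` because only the first character is tested with isdigit(). The new `i >= MAX_QUALS` check bounds whatever atoi returns, but an overflowed value can still land inside the range and select an unintended entry. Parsing with strtol and rejecting a non-empty remainder would close this: `char *end; long v = strtol(s, &end, 10);` followed by `if (*end != '\0' || v < 0 || v >= MAX_QUALS) return -1;`. qual_syscall starts before this hunk and continues in the next one.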
@@ -343,12 +344,13 @@ qual_syscall(s, opt, not)
 #endif /* SUPPORTED_PERSONALITIES >= 2 */
 
 #if SUPPORTED_PERSONALITIES >= 3
+	for (i = 0; i < nsyscalls2; i++)
 		if (strcmp(s, sysent2[i].sys_name) == 0) {
 			qualify_one(i, opt, not, 2);
 			rc = 0;
 		}
 #endif /* SUPPORTED_PERSONALITIES >= 3 */
-	}
+
 	return rc;
 }
 
@@ -466,20 +468,22 @@ char *s;
 	}
 	for (p = strtok(s, ","); p; p = strtok(NULL, ",")) {
 		if (opt->bitflag == QUAL_TRACE && (n = lookup_class(p)) > 0) {
-			for (i = 0; i < MAX_QUALS; i++) {
+			for (i = 0; i < nsyscalls0; i++)
 				if (sysent0[i].sys_flags & n)
 					qualify_one(i, opt, not, 0);
 
 #if SUPPORTED_PERSONALITIES >= 2
+			for (i = 0; i < nsyscalls1; i++)
 				if (sysent1[i].sys_flags & n)
 					qualify_one(i, opt, not, 1);
 #endif /* SUPPORTED_PERSONALITIES >= 2 */
 
 #if SUPPORTED_PERSONALITIES >= 3
+			for (i = 0; i < nsyscalls2; i++)
 				if (sysent2[i].sys_flags & n)
 					qualify_one(i, opt, not, 2);
 #endif /* SUPPORTED_PERSONALITIES >= 3 */
-			}
+
 			continue;
 		}
 		if (opt->qualify(p, opt, not)) {
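Review bot: The three loops added here pass every `i` below `nsyscalls0`/`nsyscalls1`/`nsyscalls2` to qualify_one(), but nothing visible ties those counts to MAX_QUALS, which is the bound the numeric path in qual_syscall uses for the same call. If the qualifier storage behind qualify_one() is sized by MAX_QUALS (not shown in this patch, so this is an assumption), a personality table larger than that would be indexed out of range. Either clamp each loop, e.g. `for (i = 0; i < nsyscalls0 && i < MAX_QUALS; i++)`, or add a one-time check that every nsyscallsN is at most MAX_QUALS, with a comment stating that invariant. The name-lookup loops in the two qual_syscall hunks have the same dependency, and the enclosing function here begins before the hunk and continues after it.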