summaryrefslogtreecommitdiffstats
path: root/virt
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2010-01-17 08:27:34 +1030
committerLinus Torvalds <torvalds@linux-foundation.org>2010-01-17 11:00:53 -0800
commit3a5dd791abef032fe57fc652c0232913c696e59b (patch)
tree6bf20b6d67d45bf84730c3ce19b9514948a31f34 /virt
parent6ccf80eb15ccaca4d3f1ab5162b9ded5eecd9971 (diff)
modpost: fix segfault in sym_is() with prefixed arches
The sym_is() compares a symbol in an attempt to automatically skip symbol prefixes. It does this first by searching the real symbol with the normal unprefixed symbol. But then it uses the length of the original symbol to check the end of the substring instead of the length of the symbol it is looking for. On non-prefixed arches, this is effectively the same thing, so there is no problem. On prefixed-arches, since this is exceeds by just one byte, a crash is rare and it is usually a NUL byte anyways. But every once in a blue moon, you get the right page alignment and it segfaults. For example, on the Blackfin arch, sym_is() will be called with the real symbol "___mod_usb_device_table" as "symbol" when looking for the normal symbol "__mod_usb_device_table" as "name". The substring will thus return one byte into "symbol" and store it into "match". But then "match" will be indexed with the length of "symbol" instead of "name" and so we will exceed the storage. i.e. the code ends up doing: char foo[] = "abc"; return foo[strlen(foo)+1] == '\0'; Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'virt')
0 files changed, 0 insertions, 0 deletions