perf expr: Prevent normalize() from reading into undefined memory in the expression lexer

The current implementation does not account for a trailing backslash followed by a null-byte. If a null-byte is encountered following a backslash, normalize() will continue reading (and potentially writing) into garbage memory ignoring the EOS null-byte. Signed-off-by: Sohom Datta <[email protected]> Acked-by: Ian Rogers <[email protected]> Acked-by: Jiri Olsa <[email protected]> Cc: Alexander Shishkin <[email protected]> Cc: Ingo Molnar <[email protected]> Cc: Mark Rutland <[email protected]> Cc: Namhyung Kim <[email protected]> Cc: Peter Zijlstra <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
author: Sohom Datta <[email protected]> 2022-12-04 16:28:35 +0530
committer: Arnaldo Carvalho de Melo <[email protected]> 2023-01-18 10:33:00 -0300
commit: 85c44913969bd27f15229c39383da1291800d7e9 (patch)
tree: 491b75227f34dd06a6012d4ab502ba3dc72f874c
parent: c905ecfbb8e5d54bbcdd2a1706b925baf1728cfe (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/tools/perf/util/expr.l b/tools/perf/util/expr.l
index 0168a9637330..d47de5f270a8 100644
--- a/tools/perf/util/expr.l
+++ b/tools/perf/util/expr.l
@@ -42,8 +42,11 @@ static char *normalize(char *str, int runtime)
 	char *dst = str;
 
 	while (*str) {
-		if (*str == '\\')
+		if (*str == '\\') {
 			*dst++ = *++str;
+			if (!*str)
+				break;
+		}
 		else if (*str == '?') {
 			char *paramval;
 			int i = 0;
author	Sohom Datta <[email protected]>	2022-12-04 16:28:35 +0530
committer	Arnaldo Carvalho de Melo <[email protected]>	2023-01-18 10:33:00 -0300
commit	85c44913969bd27f15229c39383da1291800d7e9 (patch)
tree	491b75227f34dd06a6012d4ab502ba3dc72f874c
parent	c905ecfbb8e5d54bbcdd2a1706b925baf1728cfe (diff)