diff options
| author | Yonghong Song <[email protected]> | 2023-07-31 13:45:34 -0700 |
|---|---|---|
| committer | Alexei Starovoitov <[email protected]> | 2023-07-31 17:35:02 -0700 |
| commit | e99688eba2e90a600956e936bc335ece902a5d7f (patch) | |
| tree | 4ed882047898b50f32c5e23612d71ae884496feb /tools/perf/scripts/python/bin/stackcollapse-record | |
| parent | 74bdfab4fd7c641e55f7fe9d1be9687eeb01df67 (diff) | |
bpf: Fix an array-index-out-of-bounds issue in disasm.c
syzbot reported an array-index-out-of-bounds when printing out bpf
insns. Further investigation shows the insn is illegal but
is printed out due to log level 1 or 2 before actual insn verification
in do_check().
This particular illegal insn is a MOVSX insn with offset value 2.
The legal offset value for MOVSX should be 8, 16 and 32.
The disasm sign-extension-size array index is calculated as
(insn->off / 8) - 1
and offset value 2 gives an out-of-bound index -1.
Tighten the checking for MOVSX insn in disasm.c to avoid
array-index-out-of-bounds issue.
Reported-by: [email protected]
Fixes: f835bb622299 ("bpf: Add kernel/bpftool asm support for new instructions")
Signed-off-by: Yonghong Song <[email protected]>
Acked-by: Eduard Zingerman <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Alexei Starovoitov <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/bin/stackcollapse-record')
0 files changed, 0 insertions, 0 deletions