authorAleksandr Nogikh <nogikh@google.com>2024-04-15 15:49:16 +0200
committerAleksandr Nogikh <nogikh@google.com>2024-04-15 15:31:30 +0000
commitbe2d01ee635103a77a9f68576c852f5ef3b16d0f (patch)
tree6246b2d97156de865a56bbb71f3f819fb8b4fc68 /pkg/report/linux.go
parentec1d9df37dba4a17065b091bbe9e03c9635cd0dc (diff)
pkg/report: fix OOB in linux.symbolize()
NewScanner() had an implicit limit on the maximum line size, which we could surpass e.g. by printing some long serialized program. In this case, there's no reason to use NewScanner() -- we already have the whole buffer, so let's use raw byte operations instead. Remove one of the checks that turned out to be unneeded, but leave an assertion inside the symbolize() method. Closes #4198.
Diffstat (limited to 'pkg/report/linux.go')
-rw-r--r--pkg/report/linux.go21
1 files changed, 5 insertions, 16 deletions
diff --git a/pkg/report/linux.go b/pkg/report/linux.go
index 8d44893f9..0fdcee54c 100644
--- a/pkg/report/linux.go
+++ b/pkg/report/linux.go
@@ -375,15 +375,7 @@ func (ctx *linux) Symbolize(rep *Report) error {
return err
}
}
-
- oldLen := len(rep.Report)
rep.Report = ctx.decompileOpcodes(rep.Report, rep)
- if len(rep.Report) > 0 && rep.reportPrefixLen > len(rep.Report) {
- // An attempt to catch #4198.
- panic(fmt.Sprintf("invalid reportPrefixLen (%d) after decompileOpcodes, report len: %d -> %d, report: %+v",
- rep.reportPrefixLen, oldLen, len(rep.Report), rep,
- ))
- }
// Skip getting maintainers for Android fuzzing since the kernel source
// directory structure is different.
@@ -411,27 +403,24 @@ func (ctx *linux) symbolize(rep *Report) error {
return ctx.symbolizerCache.Symbolize(symb.Symbolize, bin, pc)
}
var symbolized []byte
- s := bufio.NewScanner(bytes.NewReader(rep.Report))
prefix := rep.reportPrefixLen
- for s.Scan() {
- line := append([]byte{}, s.Bytes()...)
- line = append(line, '\n')
+ for _, originalLine := range bytes.SplitAfter(rep.Report, []byte("\n")) {
+ line := append([]byte{}, originalLine...)
newLine := symbolizeLine(symbFunc, ctx.symbols, ctx.vmlinux, ctx.kernelBuildSrc, line)
if prefix > len(symbolized) {
prefix += len(newLine) - len(line)
}
symbolized = append(symbolized, newLine...)
}
- oldLen := len(rep.Report)
+ oldReport := rep.Report
rep.Report = symbolized
oldPrefixLen := rep.reportPrefixLen
rep.reportPrefixLen = prefix
if len(rep.Report) > 0 && rep.reportPrefixLen > len(rep.Report) {
- // An attempt to catch #4198.
panic(fmt.Sprintf("invalid reportPrefixLen after symbolize: prefix %d -> %d,"+
- "report len: %d -> %d, report: %+v",
- oldPrefixLen, rep.reportPrefixLen, oldLen, len(rep.Report), rep,
+ "report len: %d -> %d, old report: %q",
+ oldPrefixLen, rep.reportPrefixLen, len(oldReport), len(rep.Report), oldReport,
))
}
return nil
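Review bot: The switch to `bytes.SplitAfter` changes line framing in the symbolize() loop in three ways that nothing in the hunk documents: a report ending in "\n" now yields a final empty element that is still passed to `symbolizeLine`, an unterminated last line no longer gets a "\n" appended, and a "\r" before "\n" is kept where the Scanner's default line split dropped it. If any of these affects matching inside symbolizeLine (its body is not visible here), skip the empty tail with `if len(originalLine) == 0 { continue }`; otherwise a comment such as `// SplitAfter keeps line terminators; the last element may be empty or lack a trailing "\n".` would record the intent. A regression test feeding a single line longer than `bufio.MaxScanTokenSize` would pin the fix for #4198, since the old loop never checked `s.Err()` and truncation went unnoticed until the prefix assertion fired. symbolize() begins above this hunk, so the setup of `symbFunc` is not covered by this note.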