71fc11978c
commit db2c549407d4a76563c579e4768f7d6d32afefba upstream.
This patch fixes an off-by-one error in strncpy size argument in
tools/perf/util/map.c. The issue is that in:
strncmp(filename, "/system/lib/", 11)
the passed string literal: "/system/lib/" has 12 bytes (without the NULL
byte) and the passed size argument is 11. As a result, the logic won't
match the ending "/" byte and will pass filepaths that are stored in
other directories e.g. "/system/libmalicious/bin" or just
"/system/libmalicious".
This functionality seems to be present only on Android. I assume the
/system/ directory is only writable by the root user, so I don't think
this bug has much (or any) security impact.
Fixes:
|
||
---|---|---|
.. | ||
arch | ||
bench | ||
Documentation | ||
examples/bpf | ||
include/bpf | ||
jvmti | ||
pmu-events | ||
python | ||
scripts | ||
tests | ||
trace | ||
ui | ||
util | ||
.gitignore | ||
Build | ||
builtin-annotate.c | ||
builtin-bench.c | ||
builtin-buildid-cache.c | ||
builtin-buildid-list.c | ||
builtin-c2c.c | ||
builtin-config.c | ||
builtin-data.c | ||
builtin-diff.c | ||
builtin-evlist.c | ||
builtin-ftrace.c | ||
builtin-help.c | ||
builtin-inject.c | ||
builtin-kallsyms.c | ||
builtin-kmem.c | ||
builtin-kvm.c | ||
builtin-list.c | ||
builtin-lock.c | ||
builtin-mem.c | ||
builtin-probe.c | ||
builtin-record.c | ||
builtin-report.c | ||
builtin-sched.c | ||
builtin-script.c | ||
builtin-stat.c | ||
builtin-timechart.c | ||
builtin-top.c | ||
builtin-trace.c | ||
builtin-version.c | ||
builtin.h | ||
check-headers.sh | ||
command-list.txt | ||
CREDITS | ||
design.txt | ||
Makefile | ||
Makefile.config | ||
Makefile.perf | ||
MANIFEST | ||
perf-archive.sh | ||
perf-completion.sh | ||
perf-read-vdso.c | ||
perf-sys.h | ||
perf-with-kcore.sh | ||
perf.c | ||
perf.h |