On Sat, 1 Jun 2019 00:19:17 +0900 Masami Hiramatsu <mhira...@kernel.org> wrote:
> +static bool trace_uprobe_match_command_head(struct trace_uprobe *tu, > + int argc, const char **argv) > +{ > + char buf[MAX_ARGSTR_LEN + 1]; > + int len; > + > + if (!argc) > + return true; > + > + len = strlen(tu->filename); > + if (argv[0][len] != ':' || strncmp(tu->filename, argv[0], len)) Hmm, isn't it possible that 'len' can be greater than whatever argv[0] is? The argv[0][len] looks very dangerous to me. Perhaps that should be changed to: if (!(!strncmp(tu->filename, argv[0], len) && argv[0][len] == ':')) That way, the test of argv[0][len] will only happen if argv[0] is of length len. -- Steve > + return false; > + > + if (tu->ref_ctr_offset == 0) > + snprintf(buf, sizeof(buf), "0x%0*lx", > + (int)(sizeof(void *) * 2), tu->offset); > + else > + snprintf(buf, sizeof(buf), "0x%0*lx(0x%lx)", > + (int)(sizeof(void *) * 2), tu->offset, > + tu->ref_ctr_offset); > + if (strcmp(buf, &argv[0][len + 1])) > + return false; > + > + argc--; argv++; > + > + return trace_probe_match_command_args(&tu->tp, argc, argv); > +} > +
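Review bot: the operand order in `if (argv[0][len] != ':' || strncmp(tu->filename, argv[0], len))` reads `argv[0][len]` before anything has established that `argv[0]` is at least `len` bytes long, so a caller passing a shorter first argument makes this an out-of-bounds read past the string's terminator; the ordering Steve proposes fixes it, and the same effect can be had more readably by just swapping the two tests, `if (strncmp(tu->filename, argv[0], len) || argv[0][len] != ':')`, because `len` is `strlen(tu->filename)` and a zero return from `strncmp` over `len` bytes then guarantees `argv[0]` has at least `len` characters before `argv[0][len]` is touched. With that reordering the later `strcmp(buf, &argv[0][len + 1])` is also well defined, since `argv[0][len] == ':'` implies a byte (at worst the terminating NUL) exists at index `len + 1`.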