trace: resolve stack corruption due to string copy
Amey Telawane [Sun, 16 Apr 2017 17:37:32 +0000 (22:37 +0530)]
Strcpy has no limit on string being copied which causes
stack corruption leading to kernel panic. Use strlcpy to
resolve the issue by providing length of string to be copied.

Bug 1899974

CRs-fixed: 1048480
Change-Id: Ib290b25f7e0ff96927b8530e5c078869441d409f
Signed-off-by: Amey Telawane <ameyt@codeaurora.org>
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-on: http://git-master/r/1463510
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bharat Nihalani <bnihalani@nvidia.com>

kernel/trace/trace.c

index 9d50626..d226c85 100644 (file)
@@ -1475,7 +1475,7 @@ void trace_find_cmdline(int pid, char comm[])
        arch_spin_lock(&trace_cmdline_lock);
        map = map_pid_to_cmdline[pid];
        if (map != NO_CMDLINE_MAP)
-               strcpy(comm, saved_cmdlines[map]);
+               strlcpy(comm, saved_cmdlines[map], TASK_COMM_LEN-1);
        else
                strcpy(comm, "<...>");
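Review bot: the size argument on the added strlcpy() line is off by one. strlcpy() takes the full size of the destination buffer and itself copies at most size-1 bytes before writing the terminating NUL, so passing TASK_COMM_LEN-1 limits the copied name to TASK_COMM_LEN-2 characters and silently drops the last character of a full-length entry. Passing TASK_COMM_LEN would be the correct bound, assuming every caller supplies a buffer of at least that size. That assumption is not visible here: the prototype is `char comm[]` with no length, so a comment stating the required buffer size (or an explicit size parameter) would make the contract checkable. The unchanged strcpy(comm, "<...>") in the else branch copies a fixed 6-byte literal, so it is bounded, but converting it as well would keep the function free of unbounded copies.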