misc: tegra-profiler: fix out-of-bounds access
Igor Nabirushkin [Tue, 4 Jul 2017 05:53:45 +0000 (08:53 +0300)]
Fix potential out-of-bounds write in read_all_sources() function
that can lead to data corruption.
This commit fixes the problem (the array size is increased by 1).

Bug 1953704

Change-Id: Iac6c54dfbd13b7ebef20de67f60cd3281e13814c
Signed-off-by: Igor Nabirushkin <inabirushkin@nvidia.com>
Reviewed-on: https://git-master/r/1512895
(cherry picked from commit 38c82f0ff897d6a8b9f5d0793f113a09d229a0cc)

drivers/misc/tegra-profiler/hrt.c

index cd1d5ab..d87c75e 100644 (file)
@@ -354,7 +354,7 @@ read_all_sources(struct pt_regs *regs, struct task_struct *task, int is_sched)
        int i, vec_idx = 0, bt_size = 0;
        int nr_events = 0, nr_positive_events = 0;
        struct pt_regs *user_regs;
-       struct quadd_iovec vec[6];
+       struct quadd_iovec vec[7];
        struct hrt_event_value events[QUADD_MAX_COUNTERS];
        u32 events_extra[QUADD_MAX_COUNTERS];
        struct quadd_event_context event_ctx;