#4519 closed defect (fixed)

record-main-lttng.cc: Out-of-bounds access

Reported by: Ryan Long
Owned by: Ryan Long <ryan.long@…>
Priority: normal
Milestone: 6.1
Component: tool
Version: 6
Severity: normal
Keywords:
Cc:
Blocked By:
Blocking:

Description

CID 1503017: Out-of-bounds access in CopyThreadName().

   1. Condition api_index < 3, taking false branch.
298  if (api_index < THREAD_API_COUNT) {
299    name = thread_names_[api_index][GetObjIndexOfID(item.data)];
300  } else {
   2. alias: Assigning: name = kEmptyThreadName. name now points to byte 0 of kEmptyThreadName (which consists of 3 bytes).
301    name = kEmptyThreadName;
302  }
303
   CID 1503017 (#1 of 1): Out-of-bounds access (OVERRUN)
   3. overrun-buffer-arg: Overrunning buffer pointed to by name of 3 bytes by passing it to a function which accesses it at byte offset 15 using argument 16UL.
304  std::memcpy(dst, name, THREAD_NAME_SIZE);

Change History (1)

comment:1 Changed on 10/07/21 at 14:25:10 by Ryan Long <ryan.long@…>

Owner: set to Ryan Long <ryan.long@…>
Resolution: fixed
Status: new → closed

In changeset 83b3d58/rtems-tools (83b3d58c4d10cad13cdf9130936ad245c332b741):

record-main-lttng.cc: Change size of empty string

CID 1503017: Out-of-bounds access in CopyThreadName().

Change size of kEmptyThreadName from THREAD_API_COUNT to
THREAD_NAME_SIZE.

Closes #4519
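
The sizing mistake and its fix in isolation, as an added example that is not the rtems-tools source: the two constants use the values from the Coverity trace (3 and 16), while `kMaxObjects`, the `thread_names` table, the `obj_index` parameter and the `Overrun*` helpers are hypothetical stand-ins. It also adds a `static_assert` that ties the fallback buffer to the copy length.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Values taken from the Coverity trace: "api_index < 3" and "argument 16UL".
constexpr std::size_t THREAD_API_COUNT = 3;
constexpr std::size_t THREAD_NAME_SIZE = 16;
constexpr std::size_t kMaxObjects = 4;  // assumption: tiny stand-in table

// Pre-fix sizing, kept only so its size can be measured; never copied from.
constexpr char kEmptyThreadNameBefore[THREAD_API_COUNT] = "";
// Post-fix sizing: the fallback is as long as the copy that reads it.
constexpr char kEmptyThreadName[THREAD_NAME_SIZE] = "";
// Build-time guard so a later edit cannot shrink the fallback again.
static_assert(sizeof(kEmptyThreadName) >= THREAD_NAME_SIZE,
              "fallback name must cover the whole memcpy length");

// Hypothetical stand-in for thread_names_ (constructed sample data).
static const char thread_names[THREAD_API_COUNT][kMaxObjects][THREAD_NAME_SIZE] =
    {{"IDLE", "UI1"}, {"TA1"}, {"worker"}};

// Bytes a THREAD_NAME_SIZE copy would read past a source of source_size bytes.
constexpr std::size_t OverrunBytes(std::size_t source_size) {
  return source_size < THREAD_NAME_SIZE ? THREAD_NAME_SIZE - source_size : 0;
}
std::size_t OverrunBeforeFix() { return OverrunBytes(sizeof(kEmptyThreadNameBefore)); }
std::size_t OverrunAfterFix() { return OverrunBytes(sizeof(kEmptyThreadName)); }

// Same branch structure as the flagged code; returns true if a name was found.
bool CopyThreadName(char (&dst)[THREAD_NAME_SIZE], std::size_t api_index,
                    std::size_t obj_index) {
  const char* name = kEmptyThreadName;
  const bool found = api_index < THREAD_API_COUNT && obj_index < kMaxObjects;
  if (found) name = thread_names[api_index][obj_index];
  std::memcpy(dst, name, THREAD_NAME_SIZE);  // every source is 16 bytes now
  return found;
}

int main() {
  char dst[THREAD_NAME_SIZE];
  std::memset(dst, 'X', sizeof(dst));
  const bool found = CopyThreadName(dst, THREAD_API_COUNT, 0);  // else branch
  std::printf("found=%d name=\"%s\" overrun before=%zu after=%zu\n", found, dst,
              OverrunBeforeFix(), OverrunAfterFix());
  return 0;
}
```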
