[PATCH] lib: fwts_klog: fix vector size and handle errors from pcre_exec (LP: #1401184)
Colin King
colin.king at canonical.com
Wed Dec 10 17:23:12 UTC 2014
From: Colin Ian King <colin.king at canonical.com>
On ARM32 platforms I detected a stack smashing bug where pcre_exec scribbles
over the stack because the vector being passed to pcre_exec is not a multiple
of 3 in size (as the API requires).
Make the vector overly large multiple of 3 to avoid any future stack smashing
and also handle errors from pcre_exec in case the regular expressions get
broken or miscompiled because of other errors.
Signed-off-by: Colin Ian King <colin.king at canonical.com>
---
src/lib/src/fwts_klog.c | 45 ++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 42 insertions(+), 3 deletions(-)
diff --git a/src/lib/src/fwts_klog.c b/src/lib/src/fwts_klog.c
index 8b4a9ed..b38a02e 100644
--- a/src/lib/src/fwts_klog.c
+++ b/src/lib/src/fwts_klog.c
@@ -258,6 +258,8 @@ static char *fwts_klog_unique_label(const char *str)
return buffer;
}
+#define VECTOR_SIZE (3) /* Must be a multiple of 3 */
+
void fwts_klog_scan_patterns(fwts_framework *fw,
char *line,
int repeated,
@@ -266,7 +268,7 @@ void fwts_klog_scan_patterns(fwts_framework *fw,
int *errors)
{
fwts_klog_pattern *pattern = (fwts_klog_pattern *)private;
- int vector[1];
+ int vector[VECTOR_SIZE];
static char *advice =
"This is a bug picked up by the kernel, but as yet, the "
"firmware test suite has no diagnostic advice for this particular problem.";
@@ -277,8 +279,45 @@ void fwts_klog_scan_patterns(fwts_framework *fw,
bool matched = false;
switch (pattern->compare_mode) {
case FWTS_COMPARE_REGEX:
- if (pattern->re)
- matched = (pcre_exec(pattern->re, pattern->extra, line, strlen(line), 0, 0, vector, 1) == 0);
+ if (pattern->re) {
+ int ret = pcre_exec(pattern->re, pattern->extra, line, strlen(line), 0, 0, vector, VECTOR_SIZE);
+ if (ret < 0) {
+ char *errmsg = NULL;
+ /*
+ * We should handle -ve conditions other
+ * than PCRE_ERROR_NOMATCH as pcre internal
+ * errors..
+ */
+ switch (ret) {
+ case PCRE_ERROR_NOMATCH:
+ break;
+ case PCRE_ERROR_NULL:
+ errmsg = "internal NULL error";
+ break;
+ case PCRE_ERROR_BADOPTION:
+ errmsg = "invalid option passed to pcre_exec()";
+ break;
+ case PCRE_ERROR_BADMAGIC:
+ errmsg = "bad magic number, (corrupt regular expression)";
+ break;
+ case PCRE_ERROR_UNKNOWN_NODE:
+ errmsg = "compiled regular expression broken";
+ break;
+ case PCRE_ERROR_NOMEMORY:
+ errmsg = "out of memory";
+ break;
+ default:
+ errmsg = "unknown error";
+ break;
+ }
+ if (errmsg)
+ fwts_log_info(fw, "regular expression engine error: %s.", errmsg);
+ }
+ else {
+ /* A successful regular expression match! */
+ matched = true;
+ }
+ }
break;
case FWTS_COMPARE_STRING:
default:
--
2.1.3
More information about the fwts-devel
mailing list