ACK: [PATCH] lib: fwts_klog: fix vector size and handle errors from pcre_exec (LP: #1461520)

ivanhu ivan.hu at canonical.com
Mon Jun 8 02:03:22 UTC 2015 

On 2015年06月05日 00:18, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
>
> On an 32 bit x86 platform another stack smashing bug occurs where
> pcre_exec scribbles over the stack because the vector being passed
> to pcre_exec is not a multiple of 3 in size (as the API requires).
>
> Make the vector overly large multiple of 3 to fix this. This is the same
> fix as in an earlier bug (LP: #1401184), however, I failed to fix all
> the occurrances of the original bug, hence we got bitten again by this.
>
> Also, move the define for VECTOR_SIZE to the top of the source just to
> be a bit tidier.
>
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
> ---
>   src/lib/src/fwts_klog.c | 8 +++-----
>   1 file changed, 3 insertions(+), 5 deletions(-)
>
> diff --git a/src/lib/src/fwts_klog.c b/src/lib/src/fwts_klog.c
> index 0d6358b..9c51b32 100644
> --- a/src/lib/src/fwts_klog.c
> +++ b/src/lib/src/fwts_klog.c
> @@ -34,6 +34,7 @@
>    *  klog pattern matching strings data file, data stored in json format
>    */
>   #define KLOG_DATA_JSON_FILE		"klog.json"
> +#define VECTOR_SIZE			(3)	/* Must be a multiple of 3 */
>   
>   /*
>    *  fwts_klog_free()
> @@ -260,8 +261,6 @@ static char *fwts_klog_unique_label(const char *str)
>   	return buffer;
>   }
>   
> -#define VECTOR_SIZE	(3)	/* Must be a multiple of 3 */
> -
>   void fwts_klog_scan_patterns(fwts_framework *fw,
>   	char *line,
>   	int  repeated,
> @@ -553,13 +552,12 @@ static void fwts_klog_regex_find_callback(fwts_framework *fw, char *line, int re
>   	re = pcre_compile(pattern, 0, &error, &erroffset, NULL);
>   	if (re != NULL) {
>   		int rc;
> -		int vector[1];
> +		int vector[VECTOR_SIZE];
>   		pcre_extra *extra = pcre_study(re, 0, &error);
>   
>   		if (error)
>   			return;
> -
> -		rc = pcre_exec(re, extra, line, strlen(line), 0, 0, vector, 1);
> +		rc = pcre_exec(re, extra, line, strlen(line), 0, 0, vector, VECTOR_SIZE);
>   		free(extra);
>   		pcre_free(re);
>   		if (rc == 0)

Acked-by: Ivan Hu<ivan.hu at canonical.com>

More information about the fwts-devel mailing list