ACK: [PATCH] lib: fwts_klog: fix vector size and handle errors from pcre_exec (LP: #1461520)

Mon Jun 8 02:57:07 UTC 2015

On 06/05/2015 12:18 AM, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
> 
> On an 32 bit x86 platform another stack smashing bug occurs where
> pcre_exec scribbles over the stack because the vector being passed
> to pcre_exec is not a multiple of 3 in size (as the API requires).
> 
> Make the vector overly large multiple of 3 to fix this. This is the same
> fix as in an earlier bug (LP: #1401184), however, I failed to fix all
> the occurrances of the original bug, hence we got bitten again by this.
> 
> Also, move the define for VECTOR_SIZE to the top of the source just to
> be a bit tidier.
> 
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
> ---
>  src/lib/src/fwts_klog.c | 8 +++-----
>  1 file changed, 3 insertions(+), 5 deletions(-)
> 
> diff --git a/src/lib/src/fwts_klog.c b/src/lib/src/fwts_klog.c
> index 0d6358b..9c51b32 100644
> --- a/src/lib/src/fwts_klog.c
> +++ b/src/lib/src/fwts_klog.c
> @@ -34,6 +34,7 @@
>   *  klog pattern matching strings data file, data stored in json format
>   */
>  #define KLOG_DATA_JSON_FILE		"klog.json"
> +#define VECTOR_SIZE			(3)	/* Must be a multiple of 3 */
>  
>  /*
>   *  fwts_klog_free()
> @@ -260,8 +261,6 @@ static char *fwts_klog_unique_label(const char *str)
>  	return buffer;
>  }
>  
> -#define VECTOR_SIZE	(3)	/* Must be a multiple of 3 */
> -
>  void fwts_klog_scan_patterns(fwts_framework *fw,
>  	char *line,
>  	int  repeated,
> @@ -553,13 +552,12 @@ static void fwts_klog_regex_find_callback(fwts_framework *fw, char *line, int re
>  	re = pcre_compile(pattern, 0, &error, &erroffset, NULL);
>  	if (re != NULL) {
>  		int rc;
> -		int vector[1];
> +		int vector[VECTOR_SIZE];
>  		pcre_extra *extra = pcre_study(re, 0, &error);
>  
>  		if (error)
>  			return;
> -
> -		rc = pcre_exec(re, extra, line, strlen(line), 0, 0, vector, 1);
> +		rc = pcre_exec(re, extra, line, strlen(line), 0, 0, vector, VECTOR_SIZE);
>  		free(extra);
>  		pcre_free(re);
>  		if (rc == 0)
> 
Acked-by: Alex Hung <alex.hung at canonical.com>