Commit 4346be65 authored by Pengpeng Hou, committed by Masami Hiramatsu (Google)

tracing/probe: reject non-closed empty immediate strings

parse_probe_arg() accepts quoted immediate strings and passes the body
after the opening quote to __parse_imm_string(). That helper currently
computes strlen(str) and immediately dereferences str[len - 1], which
underflows when the body is empty and not closed with double-quotation.

Reject empty non-closed immediate strings before checking for the closing quote.

Link: https://lore.kernel.org/all/20260401160315.88518-1-pengpeng@iscas.ac.cn/
Fixes: a42e3c4d ("tracing/probe: Add immediate string parameter support")
Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
parent 591cd656
@@ -1068,7 +1068,7 @@ static int __parse_imm_string(char *str, char **pbuf, int offs)
{
	size_t len = strlen(str);

	if (str[len - 1] != '"') {
	if (!len || str[len - 1] != '"') {
		trace_probe_log_err(offs + len, IMMSTR_NO_CLOSE);
		return -EINVAL;
	}
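Review bot: The `!len` operand in `if (!len || str[len - 1] != '"')` is the only thing keeping `str[len - 1]` in bounds, and nothing in the code says so. `len` is declared `size_t`, so for an empty body `len - 1` wraps to SIZE_MAX rather than going to -1, and the short-circuit order of the `||` is what prevents the read. A one-line comment above the check (for example, that an empty body has no last character to test) would stop a later cleanup from reordering or dropping the guard. For the empty case the position handed to trace_probe_log_err() is `offs + len`, which reduces to `offs`, so reusing IMMSTR_NO_CLOSE points at the start of the missing body and needs no new error code. A regression test that passes an argument ending immediately after the opening quote would pin this behaviour down.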