1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
https://github.com/rr-debugger/rr/commit/2979c60ef8bbf7c940afd90172ddc5d8863f766e
https://github.com/rr-debugger/rr/issues/3369
https://bugs.gentoo.org/877157
From 2979c60ef8bbf7c940afd90172ddc5d8863f766e Mon Sep 17 00:00:00 2001
From: Robert O'Callahan <robert@ocallahan.org>
Date: Thu, 25 Aug 2022 20:40:59 +1200
Subject: [PATCH] Avoid creating a struct with elements after
ethtool_sset_info's variable-length-array.
Resolves #3369
--- a/src/record_syscall.cc
+++ b/src/record_syscall.cc
@@ -1450,17 +1450,17 @@ template <typename Arch> void get_ethtool_gstrings_arch(RecordTask* t) {
AutoRemoteSyscalls remote(t);
// Do a ETHTOOL_GSSET_INFO to get the number of strings
- struct SingleStringSet {
- ethtool_sset_info et;
- uint32_t data;
- };
- SingleStringSet sss;
- sss.et.cmd = ETHTOOL_GSSET_INFO;
- sss.et.reserved = 0;
- sss.et.sset_mask = 1 << et_gstrings.string_set;
- AutoRestoreMem sss_mem(remote, &sss, sizeof(sss));
-
- ifreq.ifr_ifru.ifru_data = sss_mem.get();
+ ethtool_sset_info et;
+ et.cmd = ETHTOOL_GSSET_INFO;
+ et.reserved = 0;
+ et.sset_mask = 1 << et_gstrings.string_set;
+ std::vector<uint8_t> buffer;
+ buffer.resize(sizeof(et) + sizeof(uint32_t));
+ memcpy(buffer.data(), &et, sizeof(et));
+ memset(buffer.data() + sizeof(et), 0, sizeof(uint32_t));
+ AutoRestoreMem et_mem(remote, buffer.data(), buffer.size());
+
+ ifreq.ifr_ifru.ifru_data = et_mem.get();
AutoRestoreMem ifr_mem(remote, &ifreq, sizeof(ifreq));
long ret = remote.syscall(regs.original_syscallno(), regs.arg1(),
@@ -1470,8 +1470,7 @@ template <typename Arch> void get_ethtool_gstrings_arch(RecordTask* t) {
return;
}
- sss = t->read_mem(sss_mem.get().cast<SingleStringSet>());
-
+ uint32_t data = t->read_mem((et_mem.get() + sizeof(et)).cast<uint32_t>());
// Now do the ETHTOOL_GSTRINGS call
ret = remote.syscall(regs.original_syscallno(), regs.arg1(), SIOCETHTOOL,
regs.arg3());
@@ -1479,7 +1478,7 @@ template <typename Arch> void get_ethtool_gstrings_arch(RecordTask* t) {
if (ret < 0) {
return;
}
- t->record_remote(orig_gstrings, sizeof(ethtool_gstrings) + ETH_GSTRING_LEN*sss.data);
+ t->record_remote(orig_gstrings, sizeof(ethtool_gstrings) + ETH_GSTRING_LEN*data);
}
static void get_ethtool_gstrings(RecordTask* t) {
|