mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-02-15 13:14:59 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
7af3339948601e188d93d7e03326aeb8fcbd6bea
linux/tools/lib
History
Varun R Mallya 5714ca8cba libbpf: Fix OOB read in btf_dump_get_bitfield_value 
When dumping bitfield data, btf_dump_get_bitfield_value() reads data
based on the underlying type's size (t->size). However, it does not
verify that the provided data buffer (data_sz) is large enough to
contain these bytes.

If btf_dump__dump_type_data() is called with a buffer smaller than
the type's size, this leads to an out-of-bounds read. This was
confirmed by AddressSanitizer in the linked issue.

Fix this by ensuring we do not read past the provided data_sz limit.

Fixes: a1d3cc3c5e ("libbpf: Avoid use of __int128 in typed dump display")
Reported-by: Harrison Green <harrisonmichaelgreen@gmail.com>
Suggested-by: Alan Maguire <alan.maguire@oracle.com>
Signed-off-by: Varun R Mallya <varunrmallya@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20260106233527.163487-1-varunrmallya@gmail.com

Closes: https://github.com/libbpf/libbpf/issues/928
2026-01-09 15:54:31 -08:00
..
api
libapi: Add missing header with NAME_MAX define to io_dir.h
2025-03-13 00:29:36 -07:00
bpf
libbpf: Fix OOB read in btf_dump_get_bitfield_value
2026-01-09 15:54:31 -08:00
perf
libperf: Use 'extern' in LIBPERF_API visibility macro
2025-12-05 10:31:32 -08:00
python
docs: kdoc: various fixes for grammar, spelling, punctuation
2025-11-29 08:35:23 -07:00
subcmd
perf subcmd: avoid crash in exclude_cmds when excludes is empty
2025-09-12 17:51:35 -07:00
symbol
tools: Drop nonsensical -O6
2024-09-11 13:08:36 -03:00
thermal
tools: lib: thermal: expose thermal_exit symbols
2025-10-03 21:26:00 +02:00
argv_split.c
tools lib: Move argv_{split,free} from tools/perf/util/
2019-07-01 22:50:40 -03:00
bitmap.c
lib/interval_tree: add test case for interval_tree_iter_xxx() helpers
2025-03-17 12:17:00 -07:00
cmdline.c
memblock test: fix implicit declaration of function 'memparse'
2024-08-06 08:21:25 +03:00
ctype.c
tools perf: Move from sane_ctype.h obtained from git to the Linux's original
2019-06-25 21:02:47 -03:00
find_bit.c
tools: sync find_bit() implementation
2022-09-21 12:21:44 -07:00
hweight.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
list_sort.c
tools/lib/list_sort: remove unnecessary header includes
2024-11-05 17:12:33 -08:00
rbtree.c
tools lib rbtree: pick some improvements from the kernel rbtree code
2024-05-08 08:41:27 -07:00
slab.c
lib/rbtree: enable userland test suite for rbtree related data structure
2025-03-17 12:17:00 -07:00
str_error_r.c
objtool, perf: Fix GCC 8 -Wrestrict error
2018-03-19 13:51:54 -03:00
string.c
perf annotate: Add disasm_line__parse() to parse raw instruction for powerpc
2024-07-31 16:12:59 -03:00
vsprintf.c
perf script: Pad DSO name for --call-trace
2019-05-28 18:37:44 -03:00
zalloc.c
tools lib: Adopt zalloc()/zfree() from tools/perf
2019-07-09 10:13:26 -03:00