trace-cmd split: Assert if the calculated record size is too big

Message ID 20210628224042.0ecc2030@oasis.local.home (mailing list archive)
State Accepted
Commit 30f5b9202e8d164c33902fc6aedf8b736272ceb6
Series trace-cmd split: Assert if the calculated record size is too big

Commit Message

Steven Rostedt June 29, 2021, 2:40 a.m. UTC
From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>

With a discovery of a bug that caused a record to be written past the
end of a page (and this was a possible memory corruption bug), check that
the calculated length is no bigger than the record it is copying. If it
is, then crash, as this can cause the data to write past the allocated
page.

Now that bug would crash on the split command with:

  Bad calculation of record len (expect:116 actual:120)

Link: https://lore.kernel.org/linux-trace-devel/20210628222609.01ea12ad@oasis.local.home/

Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
---
 tracecmd/trace-split.c | 3 +++
 1 file changed, 3 insertions(+)

Patch

diff --git a/tracecmd/trace-split.c b/tracecmd/trace-split.c
index 9b1a8d7a..775611c1 100644
--- a/tracecmd/trace-split.c
+++ b/tracecmd/trace-split.c
@@ -118,6 +118,9 @@  static int write_record(struct tracecmd_input *handle,
 
 	if (!len) {
 		len = record->size + 4;
+		if ((len + 4) > record->record_size)
+			die("Bad calculation of record len (expect:%d actual:%d)",
+			    record->record_size, len + 4);
 		*(unsigned *)ptr = tep_read_number(pevent, &len, 4);
 		ptr += 4;
 		index += 4;
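
Review bot: in the `if (!len)` branch the new test adds a further 4 to a `len` that was just set to `record->size + 4`, and nothing in the hunk says what each 4 stands for; a one-line comment above the check naming the two 4-byte quantities would let a reader verify the bound against `record->record_size`. Computing `len + 4` once into a local would also avoid repeating the expression in the comparison and in the `die()` arguments. The declarations of `len` and `record->record_size` are outside this hunk, so please confirm that both `%d` conversions match their types. As placed, the check covers only the `!len` path; if the other path can also produce a length larger than the record, it needs its own guard.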