[1/2] trace-cmd lib: Fix potential integer overflow in tracecmd_write_cpu_data()

Commit Message

jjindrak@suse.cz Sept. 11, 2024, 4:36 p.m. UTC

From: Jaroslav Jindrak <jjindrak@suse.cz>

In out_write_cpu_data(), we stat() the cpu data files and store their
information in an instance of struct cpu_data_source, which has a size
field of type int. However, stat() stores the size of the file as off_t,
which means that the following check in tracecmd_write_cpu_data() will
not work with large enough files whose size fit in an off_t, but not in
an int

	ret = stat(cpu_data_files[i], &st);
	if (ret < 0) {
		tracecmd_warning("can not stat '%s'", cpu_data_files[i]);
		break;
	}
	...
	data[i].size = st.st_size;

due to the error being in the actual assignment to data[i].size. This
int value (potentially negative) gets later assigned to the file_size
field of struct data_file_write in out_write_cpu_data() and later
compared to the variable read_size, which can lead to the following
error:

 libtracecmd: Invalid argument
   did not match size of 3451486208 to -843481088

Signed-off-by: Jaroslav Jindrak <jjindrak@suse.cz>
---
 lib/trace-cmd/include/trace-cmd-local.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/lib/trace-cmd/include/trace-cmd-local.h b/lib/trace-cmd/include/trace-cmd-local.h
index ebd6f152..a6b39344 100644
--- a/lib/trace-cmd/include/trace-cmd-local.h
+++ b/lib/trace-cmd/include/trace-cmd-local.h
@@ -93,7 +93,7 @@  out_add_buffer_option(struct tracecmd_output *handle, const char *name,
 
 struct cpu_data_source {
 	int fd;
-	int size;
+	off_t size;
 	off_t offset;
 };