Commit 7025ceb9 authored by Marcin Spiewak, committed by Tomasz Zawadzki

trace_parser: wrong parameter to sizeof() operator



The issue was detected by Coverity scan.

After changing spdk_trace_parser_entry structure layout,
checking size of the union was not modified, resulting in
wrong value used to determine if 'argoff' is still valid.
This in turn could lead to out-of-bound access to
pe->args[].u.string[] table as 'argoff' could be greater
than a table size.
The parameter passed to sizeof() operator shall be
'pe->args[0].u.string', not 'pe->args[0]'.

Change-Id: Ie1ea7cf051f178983e78b29f591e734245373826
Signed-off-by: Marcin Spiewak <marcin.spiewak@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/22719
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Konrad Sztyber <konrad.sztyber@intel.com>
Community-CI: Mellanox Build Bot
Reviewed-by: Jim Harris <jim.harris@samsung.com>
parent 1a88f528
+2 −2
@@ -144,9 +144,9 @@ spdk_trace_parser::build_arg(argument_context *argctx, const spdk_trace_argument
		}

		curlen = spdk_min(sizeof(buffer->data) - argctx->offset, arg->size - argoff);
		if (argoff < sizeof(pe->args[0])) {
		if (argoff < sizeof(pe->args[0].u.string)) {
			memcpy(&pe->args[argid].u.string[argoff], &buffer->data[argctx->offset],
			       spdk_min(curlen, sizeof(pe->args[0]) - argoff));
			       spdk_min(curlen, sizeof(pe->args[0].u.string) - argoff));
		}

		argctx->offset += curlen;
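
Review bot: The bound is still spelled out twice, once in the `if (argoff < sizeof(pe->args[0].u.string))` check and once in the `memcpy` length, and both name element `args[0]` while the write goes to `pe->args[argid].u.string[argoff]`. That duplication is how the check and the structure drifted apart in the first place. Consider hoisting it into a single local, for example `const size_t maxlen = sizeof(pe->args[argid].u.string);`, and using `maxlen` in both the comparison and the `spdk_min(curlen, maxlen - argoff)` call, so that a later layout change to spdk_trace_parser_entry cannot update one expression and miss the other. A short comment above the check stating that `argoff` indexes into `u.string` and not into the whole args element would also document the invariant this fix restores.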