From 608fee9bffe76775078b0b9264944258311571ec Mon Sep 17 00:00:00 2001 From: DrewStratford Date: Mon, 29 Jul 2019 06:02:22 +1200 Subject: [PATCH] Kernel: Add bounds checking to recognized_symbols in dump_backtrace_impl (#372) This adds a bounds check to the loop that writes to the buffer 'recognized_symbols'. This prevents buffer overflows in the case when a programs backtrace is particularly large. Fixes #371. --- Kernel/KSyms.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Kernel/KSyms.cpp b/Kernel/KSyms.cpp index f52b9fbbc5..ffe508d99a 100644 --- a/Kernel/KSyms.cpp +++ b/Kernel/KSyms.cpp @@ -94,7 +94,7 @@ static void load_ksyms_from_data(const ByteBuffer& buffer) RecognizedSymbol recognized_symbols[max_recognized_symbol_count]; int recognized_symbol_count = 0; if (use_ksyms) { - for (u32* stack_ptr = (u32*)ebp; current->process().validate_read_from_kernel(VirtualAddress((u32)stack_ptr)); stack_ptr = (u32*)*stack_ptr) { + for (u32* stack_ptr = (u32*)ebp; current->process().validate_read_from_kernel(VirtualAddress((u32)stack_ptr)) && recognized_symbol_count < max_recognized_symbol_count; stack_ptr = (u32*)*stack_ptr) { u32 retaddr = stack_ptr[1]; recognized_symbols[recognized_symbol_count++] = { retaddr, ksymbolicate(retaddr) }; } @@ -105,7 +105,7 @@ static void load_ksyms_from_data(const ByteBuffer& buffer) } return; } - ASSERT(recognized_symbol_count < max_recognized_symbol_count); + ASSERT(recognized_symbol_count <= max_recognized_symbol_count); size_t bytes_needed = 0; for (int i = 0; i < recognized_symbol_count; ++i) { auto& symbol = recognized_symbols[i];