info : fix heap-buffer overflow in read_taskinfo()

It fixes a heap-buffer overflow issue caused by data in taskinfo:tids. The root cause was insufficient exception handling for tid values. Added exception handling to manage any value written to tids_str Fixed: #938 Signed-off-by: Seunghyeok Park <tmdgur1324@naver.com>
namhyung · Sep 7, 2024 · 11eb106 · 11eb106
1 parent 7e07a43
commit 11eb106
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/cmds/info.c b/cmds/info.c
@@ -544,15 +544,23 @@ static int read_taskinfo(void *arg)
 
 			while (*endp != '\n') {
 				int tid = strtol(tids_str, &endp, 10);
-				tids[nr_tid++] = tid;
-
-				if (*endp != ',' && *endp != '\n') {
+				if (tid && (nr_tid < info->nr_tid) &&
+				    (*endp == ',' || *endp == '\n')) {
+					tids[nr_tid++] = tid;
+				}
+				else {
 					free(tids);
 					goto out;
 				}
 
 				tids_str = endp + 1;
 			}
+
+			if (nr_tid < info->nr_tid) {
+				free(tids);
+				goto out;
+			}
+
 			info->tids = tids;
 
 			ASSERT(nr_tid == info->nr_tid);