Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

libbpf: Fix accessing BTF.ext core_relo header

Update btf_ext_parse_info() to ensure the core_relo header is present
before reading its fields. This avoids a potential buffer read overflow
reported by the OSS Fuzz project.

Fixes: cf579164e9ea ("libbpf: Support BTF.ext loading and output in either endianness")
Signed-off-by: Tony Ambardar <tony.ambardar@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://issues.oss-fuzz.com/issues/388905046
Link: https://lore.kernel.org/bpf/20250125065236.2603346-1-itugrok@yahoo.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

Authored by Tony Ambardar and committed by Alexei Starovoitov
0a7c2a84 a63a631c

+2 -2
tools/lib/bpf/btf.c
··· 3015 3015 .desc = "line_info", 3016 3016 }; 3017 3017 struct btf_ext_sec_info_param core_relo = { 3018 - .off = btf_ext->hdr->core_relo_off, 3019 - .len = btf_ext->hdr->core_relo_len, 3020 3018 .min_rec_size = sizeof(struct bpf_core_relo), 3021 3019 .ext_info = &btf_ext->core_relo_info, 3022 3020 .desc = "core_relo", ··· 3032 3034 if (btf_ext->hdr->hdr_len < offsetofend(struct btf_ext_header, core_relo_len)) 3033 3035 return 0; /* skip core relos parsing */ 3034 3036 3037 + core_relo.off = btf_ext->hdr->core_relo_off; 3038 + core_relo.len = btf_ext->hdr->core_relo_len; 3035 3039 err = btf_ext_parse_sec_info(btf_ext, &core_relo, is_native); 3036 3040 if (err) 3037 3041 return err;
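Review bot: in the first hunk, the core_relo initializer now leaves .off and .len at zero through the designated initializer, and nothing at that spot says why. A one-line comment in the initializer, stating that off/len are filled in only after hdr_len is known to cover core_relo_len, would keep a later cleanup from moving the btf_ext->hdr->core_relo_off and core_relo_len reads back above the length check.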
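Review bot: in the second hunk, the two added assignments are safe only because they sit after the hdr_len < offsetofend(struct btf_ext_header, core_relo_len) early return, yet the change touches tools/lib/bpf/btf.c alone, so nothing pins that ordering. Consider adding a regression test that loads a .BTF.ext whose hdr_len ends before core_relo_len and expects btf_ext_parse_info() to skip core relo parsing and return 0, which is the case the fuzzer report in the commit message describes.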