tracing/probe: reject non-closed empty immediate strings

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

parse_probe_arg() accepts quoted immediate strings and passes the body
after the opening quote to __parse_imm_string(). That helper currently
computes strlen(str) and immediately dereferences str[len - 1], which
underflows when the body is empty and not closed with double-quotation.

Reject empty non-closed immediate strings before checking for the closing quote.

Link: https://lore.kernel.org/all/20260401160315.88518-1-pengpeng@iscas.ac.cn/

Fixes: a42e3c4de964 ("tracing/probe: Add immediate string parameter support")
Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>

authored by

Pengpeng Hou and committed by

Masami Hiramatsu (Google) 1 month ago 4346be65 591cd656

+1 -1

1 changed file

expand all

kernel

trace

trace_probe.c

+1 -1

kernel/trace/trace_probe.c

··· 1068 1068 { 1069 1069 size_t len = strlen(str); 1070 1070 1071 - if (str[len - 1] != '"') { 1071 + if (!len || str[len - 1] != '"') { 1072 1072 trace_probe_log_err(offs + len, IMMSTR_NO_CLOSE); 1073 1073 return -EINVAL; 1074 1074 }

Configure Feed

Configure Feed