Commit a359befa authored Dec 14, 2018 by Quentin Perret

ANDROID: sched/events: Fix out of bound memory access



GCC 8 provides the following warning:

./include/trace/events/sched.h:736:3: warning: ‘memcpy’ forming offset
[8, 16] is out of the bounds [0, 7] [-Warray-bounds]
   memcpy(__entry->comm, p ? p->comm : "(null)", TASK_COMM_LEN);

Indeed, in the case where p==NULL, we copy TASK_COMM_LEN bytes from the
memory location where "(null)" is stored, which is incorrect.

Fix this by making sure to pass the right size parameter to memcpy in
all cases.

Bug: 120440300
Test: Compilation warning gone, no changes noticed in traces
Fixes: 42903694 ("ANDROID: sched/events: Introduce sched_entity load
tracking trace event")
Change-Id: Id93c9c0265f10c09b731daca25401696785b4b1e
Suggested-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Signed-off-by: Quentin Perret <quentin.perret@arm.com>

parent 67319b77

include/trace/events/sched.h

+2 −1

Original line number	Original line	Diff line number	Diff line
	@@ -733,7 +733,8 @@ TRACE_EVENT(sched_load_se,
	__entry->cpu = __trace_sched_cpu(gcfs_rq, se);		__entry->cpu = __trace_sched_cpu(gcfs_rq, se);
	__trace_sched_path(gcfs_rq, __get_dynamic_array(path),		__trace_sched_path(gcfs_rq, __get_dynamic_array(path),
	__get_dynamic_array_len(path));		__get_dynamic_array_len(path));
	memcpy(__entry->comm, p ? p->comm : "(null)", TASK_COMM_LEN);		memcpy(__entry->comm, p ? p->comm : "(null)",
			p ? TASK_COMM_LEN : sizeof("(null)"));
	__entry->pid = p ? p->pid : -1;		__entry->pid = p ? p->pid : -1;
	__entry->load = se->avg.load_avg;		__entry->load = se->avg.load_avg;
	__entry->rbl_load = se->avg.runnable_load_avg;		__entry->rbl_load = se->avg.runnable_load_avg;