Comments (5)
The uint8_t value is implicitly converted to size_t before performing the relational operation (on size_t). See §6.5.8 and §6.3.1.8 of C11.
from libipt.
Thank you for the response,
This implicit conversion prevents an overflow in the comparison part of the loop. The value of n is promoted to a larger type (size_t), and then the comparison is made. This means that as long as n is within the range of uint8_t, it will be correctly compared against the value returned by pt_filter_addr_ncfg().
The incrementing of n (++n) still occurs within the bounds of uint8_t. If n reaches 255 and is incremented, it will overflow to 0.
Could you test by returning a higher dummy value from pt_filter_addr_ncfg?
from libipt.
There are only 4 filter configurations defined by the architecture and we reserve 4 more in the config structure.
If pt_filter_addr_ncfg() returned a big value, the loop would run indefinitely and pt_filter_addr_a/b() would allow accessing the filter configuration object out of bounds. It wouldn't even need to exceed the values supported by uint8_t to cause the latter.
from libipt.
Thanks. This should be fixed, right?
from libipt.
I see nothing that would need fixing. If pt_filter_addr_ncfg() returned a wrong value, there would be bugs. But it doesn't return a wrong value and it couldn't be tricked into returning a wrong value for some bogus or malicious user input.
The returned type could be narrowed or the argument type of the filter index argument of pt_filter_addr_a/b/cfg() could be widened, but none of that changes the fact that only values that index a filter in struct pt_conf_addr_filter are allowed.
from libipt.
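To make the two points in this thread concrete (the promoted comparison never wraps, but a uint8_t counter does once the count exceeds 255, and the accessors must stay bounded by the filter array), here is an added, self-contained C example. It is not libipt code: the `demo_` names, the `demo_addr_filter` layout (four architectural slots plus four reserved, as the thread describes) and the `ncfg` parameter standing in for `pt_filter_addr_ncfg()` are all constructed for illustration. The u8 loop is run with a step cap so the non-terminating case is reported rather than hung.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the filter config: 4 architectural address
 * filters plus 4 reserved slots (the "4 + 4" layout the thread mentions).
 * This is NOT libipt's struct pt_conf_addr_filter. */
#define DEMO_NCFG_MAX 8

struct demo_addr_filter {
    uint64_t addr_a[DEMO_NCFG_MAX];
    uint64_t addr_b[DEMO_NCFG_MAX];
};

/* The loop shape under discussion: a uint8_t index compared against a
 * size_t count. The count `ncfg` stands in for pt_filter_addr_ncfg().
 * Returns the number of iterations, or -1 if `max_steps` was exceeded,
 * which is how a non-terminating loop shows up here. */
long demo_loop_u8(size_t ncfg, long max_steps)
{
    uint8_t n;
    long steps = 0;

    /* n is converted to size_t for `n < ncfg` (C11 6.3.1.8, 6.5.8), so
     * the comparison itself is exact; only `++n` can wrap to 0. */
    for (n = 0; n < ncfg; ++n) {
        if (++steps > max_steps)
            return -1;
    }
    return steps;
}

/* Hardened variant: widen the index to size_t so it cannot wrap, and
 * additionally clamp the count to the real array size so a bogus count
 * can neither spin the loop nor index past the struct. */
long demo_loop_sized(size_t ncfg)
{
    size_t n, limit = ncfg < DEMO_NCFG_MAX ? ncfg : DEMO_NCFG_MAX;
    long steps = 0;

    for (n = 0; n < limit; ++n)
        ++steps;
    return steps;
}

/* Bounds-checked accessor in the spirit of pt_filter_addr_a(): rejects
 * any index that does not name a slot in the struct.
 * Returns 0 on success, -1 on a NULL pointer or out-of-range index. */
int demo_filter_addr_a(const struct demo_addr_filter *f, size_t idx,
                       uint64_t *out)
{
    if (!f || !out || idx >= DEMO_NCFG_MAX)
        return -1;
    *out = f->addr_a[idx];
    return 0;
}

int main(void)
{
    struct demo_addr_filter f = { { 0x1000, 0x2000 }, { 0x1fff, 0x2fff } };
    uint64_t a = 0;

    printf("ncfg=4   u8 loop: %ld iterations\n", demo_loop_u8(4, 1000));
    printf("ncfg=255 u8 loop: %ld iterations\n", demo_loop_u8(255, 1000));
    printf("ncfg=256 u8 loop: %ld (-1 = never terminates)\n",
           demo_loop_u8(256, 1000));
    printf("ncfg=256 sized loop: %ld iterations (clamped)\n",
           demo_loop_sized(256));
    printf("index 8 lookup: %d (-1 = rejected)\n",
           demo_filter_addr_a(&f, 8, &a));
    return 0;
}
```

The u8 loop behaves exactly as the maintainer states: every count up to 255 is compared and iterated correctly, and only a count of 256 or more makes `++n` wrap and the loop spin. The clamped variant plus the bounds-checked accessor show the defensive shape implied by "only values that index a filter in the struct are allowed": a wrong count can then neither hang the decoder nor read past the configuration object.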