git.openpandora.org
/
pandora-kernel.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
tracing/filter: Do not allow infix to exceed end of string
[pandora-kernel.git]
/
kernel
/
trace
/
trace_events_filter.c
diff --git
a/kernel/trace/trace_events_filter.c
b/kernel/trace/trace_events_filter.c
index
95dc31e
..
bfeb725
100644
(file)
--- a/
kernel/trace/trace_events_filter.c
+++ b/
kernel/trace/trace_events_filter.c
@@
-769,7
+769,11
@@
static int filter_set_pred(struct event_filter *filter,
static void __free_preds(struct event_filter *filter)
{
static void __free_preds(struct event_filter *filter)
{
+ int i;
+
if (filter->preds) {
if (filter->preds) {
+ for (i = 0; i < filter->n_preds; i++)
+ kfree(filter->preds[i].ops);
kfree(filter->preds);
filter->preds = NULL;
}
kfree(filter->preds);
filter->preds = NULL;
}
@@
-1023,6
+1027,9
@@
static void parse_init(struct filter_parse_state *ps,
static char infix_next(struct filter_parse_state *ps)
{
static char infix_next(struct filter_parse_state *ps)
{
+ if (!ps->infix.cnt)
+ return 0;
+
ps->infix.cnt--;
return ps->infix.string[ps->infix.tail++];
ps->infix.cnt--;
return ps->infix.string[ps->infix.tail++];
@@
-1038,6
+1045,9
@@
static char infix_peek(struct filter_parse_state *ps)
static void infix_advance(struct filter_parse_state *ps)
{
static void infix_advance(struct filter_parse_state *ps)
{
+ if (!ps->infix.cnt)
+ return;
+
ps->infix.cnt--;
ps->infix.tail++;
}
ps->infix.cnt--;
ps->infix.tail++;
}
@@
-1339,19
+1349,27
@@
static int check_preds(struct filter_parse_state *ps)
{
int n_normal_preds = 0, n_logical_preds = 0;
struct postfix_elt *elt;
{
int n_normal_preds = 0, n_logical_preds = 0;
struct postfix_elt *elt;
+ int cnt = 0;
list_for_each_entry(elt, &ps->postfix, list) {
list_for_each_entry(elt, &ps->postfix, list) {
- if (elt->op == OP_NONE)
+ if (elt->op == OP_NONE) {
+ cnt++;
continue;
continue;
+ }
if (elt->op == OP_AND || elt->op == OP_OR) {
n_logical_preds++;
if (elt->op == OP_AND || elt->op == OP_OR) {
n_logical_preds++;
+ cnt--;
continue;
}
continue;
}
+ cnt--;
n_normal_preds++;
n_normal_preds++;
+ /* all ops should have operands */
+ if (cnt < 0)
+ break;
}
}
- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
+ if (
cnt != 1 ||
!n_normal_preds || n_logical_preds >= n_normal_preds) {
parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
return -EINVAL;
}
parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
return -EINVAL;
}