scripts/kallsyms: fix memory corruption caused by write over-run

memcpy() writes one more byte than allocated. Fixes: 8d60526 ("scripts/kallsyms: change table to store (strcut sym_entry *)") Reported-by: youling257 <[email protected]> Reported-by: Pavel Machek <[email protected]> Signed-off-by: Masahiro Yamada <[email protected]> Tested-by: Pavel Machek <[email protected]>
acidburn0zzz · Feb 10, 2020 · 9d1b389 · 9d1b389
1 parent bb6d3fb
commit 9d1b389
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c
@@ -210,7 +210,7 @@ static struct sym_entry *read_symbol(FILE *in)
 
 	len = strlen(name) + 1;
 
-	sym = malloc(sizeof(*sym) + len);
+	sym = malloc(sizeof(*sym) + len + 1);
 	if (!sym) {
 		fprintf(stderr, "kallsyms failure: "
 			"unable to allocate required amount of memory\n");
@@ -219,7 +219,7 @@ static struct sym_entry *read_symbol(FILE *in)
 	sym->addr = addr;
 	sym->len = len;
 	sym->sym[0] = type;
-	memcpy(sym_name(sym), name, len);
+	strcpy(sym_name(sym), name);
 	sym->percpu_absolute = 0;
 
 	return sym;