ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2025-01-30 16:14:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

trace_buffer: fix out-of-bounds read

Browse Source 
The calculation in next() actually checked whether the current entry
fitted into the buffer, not if another one fitted.

genodelabs/genode#4430
This commit is contained in:
Johannes Schlatow 2022-02-17 12:01:03 +01:00 committed by Christian Helmuth
parent d7c4265089
commit 44aefc8777
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
repos/base/include/base/trace/buffer.h
View File

@ -170,7 +170,7 @@ class Genode::Trace::Buffer
if (entry.length() == 0)
return Entry(0);
addr_t const offset = (addr_t)entry._entry - (addr_t)_entries;
addr_t const offset = (addr_t)entry.data() - (addr_t)_entries;
if (offset + entry.length() + sizeof(_Entry) > _size)
return Entry(0);