diff -prauN -X ../workspaces/eclipse/excludelist.txt ../workspaces/eclipse/oprofile/opjitconv/create_bfd.c oprofile_work_20080318/opjitconv/create_bfd.c
--- ../workspaces/eclipse/oprofile/opjitconv/create_bfd.c	2008-01-09 10:54:42.000000000 +0100
+++ oprofile_work_20080318/opjitconv/create_bfd.c	2008-03-17 14:01:34.000000000 +0100
@@ -8,6 +8,7 @@
  * @author Jens Wilke
  * @Modifications Maynard Johnson
  * @Modifications Philippe Elie
+ * @Modifications Daniel Hansel
  *
  * Copyright IBM Corporation 2007
  *
@@ -26,11 +27,20 @@
 static int fill_symtab(void)
 {
 	int rc = OP_JIT_CONV_OK;
-	int i, r;
+	u32 i;
+	int r;
 	struct jitentry const * e;
 	asymbol * s;
 	asection * section = NULL;
 
+	/* Check for valid value of entry_count to avoid integer overflow. */
+	if (entry_count > UINT32_MAX - 1)
+	{
+		bfd_perror("invalid entry_count value");
+		rc = OP_JIT_CONV_FAIL;
+		goto out;
+	}
+	
 	syms = xmalloc(sizeof(asymbol *) * (entry_count+1));
 	syms[entry_count] = NULL;
 	for (i = 0; i < entry_count; i++) {
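Review bot: The new guard in fill_symtab only protects `entry_count+1`; the product `sizeof(asymbol *) * (entry_count+1)` passed to xmalloc can still wrap where size_t is 32 bits, long before entry_count reaches UINT32_MAX. Bounding the count by the allocation size closes that, e.g. `if (entry_count >= SIZE_MAX / sizeof(asymbol *))`. The same applies to `sizeof(struct jitentry *) * max_entry_count` passed to xrealloc in insert_entry (jitsymbol.c), where the growth check is likewise made against UINT32_MAX only. UINT32_MAX and SIZE_MAX need <stdint.h>, which this diff adds to jitsymbol.c but not visibly to create_bfd.c, so it may be relying on another header. fill_symtab continues past the end of the hunk.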
@@ -175,7 +185,7 @@ static int fill_text_section_content(ase
 int partition_sections(void)
 {
 	int rc = OP_JIT_CONV_OK;
-	int i, j;
+	u32 i, j;
 	struct jitentry const * pred;
 	struct jitentry const * entry;
 	unsigned long long end_addr;
@@ -207,7 +217,7 @@ out:
 int fill_sections(void)
 {
 	int rc = OP_JIT_CONV_OK;
-	int i, j;
+	u32 i, j;
 	asection * section;
 
 	rc = fill_symtab();
diff -prauN -X ../workspaces/eclipse/excludelist.txt ../workspaces/eclipse/oprofile/opjitconv/debug_line.c oprofile_work_20080318/opjitconv/debug_line.c
--- ../workspaces/eclipse/oprofile/opjitconv/debug_line.c	2008-01-22 23:48:50.000000000 +0100
+++ oprofile_work_20080318/opjitconv/debug_line.c	2008-04-01 12:06:35.000000000 +0200
@@ -279,7 +279,7 @@ static ubyte get_special_opcode(struct d
 	unsigned int temp;
 	unsigned long delta_addr;
 
-	/* See TIS DWARF Debugging Information Format version 2.0 § 6.2.5.1 */
+	/* See TIS DWARF Debugging Information Format version 2.0 Â§ 6.2.5.1 */
 
 	temp = (line->lineno - last_lineno) -
 		default_debug_line_header.line_base;
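Review bot: The only change here re-encodes the `§` in the comment, and the new side reads `Â§`, which looks like an accidental character-set conversion by the editor rather than an intended edit. It is unrelated to the overflow fixes in the rest of the patch, so dropping this hunk would keep the change easier to review. If the comment is to be touched at all, plain ASCII avoids the problem: `/* See TIS DWARF Debugging Information Format version 2.0, section 6.2.5.1 */`.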
diff -prauN -X ../workspaces/eclipse/excludelist.txt ../workspaces/eclipse/oprofile/opjitconv/jitsymbol.c oprofile_work_20080318/opjitconv/jitsymbol.c
--- ../workspaces/eclipse/oprofile/opjitconv/jitsymbol.c	2008-01-09 10:54:42.000000000 +0100
+++ oprofile_work_20080318/opjitconv/jitsymbol.c	2008-04-01 12:11:51.000000000 +0200
@@ -8,6 +8,7 @@
  * @author Jens Wilke
  * @Modifications Maynard Johnson
  * @Modifications Philippe Elie
+ * @Modifications Daniel Hansel
  *
  * Copyright IBM Corporation 2007
  *
@@ -16,9 +17,11 @@
 #include "opjitconv.h"
 #include "opd_printf.h"
 #include "op_libiberty.h"
+#include "op_types.h"
 
 #include <stddef.h>
 #include <stdlib.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
@@ -28,10 +31,10 @@ typedef int (*compare_symbol)(void const
 
 
 /* count the entries in the jitentry_list */
-static int count_entries(void)
+static u32 count_entries(void)
 {
 	struct jitentry const * entry;
-	int cnt = 0;
+	u32 cnt = 0;
 	for (entry = jitentry_list; entry; entry = entry->next)
 		cnt++;
 	return cnt;
@@ -85,7 +88,7 @@ static int cmp_address(void const * a, v
 /* resort address_ascending array */
 static void resort_address(void)
 {
-	int i;
+	u32 i;
 
 	qsort(entries_address_ascending, entry_count,
 	      sizeof(struct jitentry *), cmp_address);
@@ -128,7 +131,14 @@ void create_arrays(void)
 static void insert_entry(struct jitentry * entry)
 {
 	if (entry_count == max_entry_count) {
-		max_entry_count += 18;
+		if (max_entry_count < UINT32_MAX - 18)
+			max_entry_count += 18;
+		else if (max_entry_count < UINT32_MAX)
+			max_entry_count += 1;
+		else {
+			fprintf(stderr, "Amount of JIT dump file entries is too large.\n");
+			exit(EXIT_FAILURE);
+		}
 		entries_symbols_ascending = (struct jitentry **)
 			xrealloc(entries_symbols_ascending,
 				 sizeof(struct jitentry *) * max_entry_count);
@@ -174,7 +184,8 @@ static void invalidate_entry(struct jite
  */
 static void invalidate_earlybirds(unsigned long long start_time)
 {
-	int i, flag;
+	u32 i;
+	int flag;
 	struct jitentry * a;
 
 	flag = 0;
@@ -219,8 +230,8 @@ static int select_one(int start_idx, int
  *
  * Looking on the address regions, we may have the following situation:
  *
- *  split: |-------------|
- * keep:    |-----|
+ *  split:     |------------|
+ *  keep:          |---|
  *
  * The split entry may be splitted in a left part and a right part. E.g.:
  *
@@ -228,9 +239,6 @@ static int select_one(int start_idx, int
  *  keep:          |---|
  *
  * However, both parts may or may not exist.
- *
- * FIXME: this schema is misleading, it look like as if keep is updated
- * but it is not, at least in this function.
  */
 static void split_entry(struct jitentry * split, struct jitentry const * keep)
 {
@@ -243,9 +251,18 @@ static void split_entry(struct jitentry 
 	if (end_addr_split > end_addr_keep) {
 		struct jitentry * new_entry =
 			xcalloc(1, sizeof(struct jitentry));
-		char * s = xmalloc(strlen(split->symbol_name) + 3);
-		strcpy(s, split->symbol_name);
-		strcat(s, "#1");
+		char * s = NULL;
+		
+		/* Check for max. length to avoid possible integer overflow. */
+		if (strlen(split->symbol_name) > SIZE_MAX - 3) {
+			fprintf(stderr, "Length of symbol name is too large.\n");
+			exit(EXIT_FAILURE);
+		} else {
+			s = xmalloc(strlen(split->symbol_name) + 3);
+			strcpy(s, split->symbol_name);
+			strcat(s, "#1");
+		}
+		
 		new_entry->vma = end_addr_keep;
 		new_entry->code_size = end_addr_split - end_addr_keep;
 		new_entry->symbol_name = s;
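Review bot: The `strlen(split->symbol_name) > SIZE_MAX - 3` test is effectively unreachable, since a string that long could not fit in the address space, so it adds an exit path without bounding anything real. What matters for symbol_name is whether it is NUL-terminated inside the mapped dump file, and that is not checked in the visible lines; it may be validated where the file is parsed. The block also calls strlen twice and is repeated verbatim for the `#0` suffix in the next hunk. A small helper that takes the length once and copies with explicit sizes would cover both sites, and if the overflow check is kept it then lives in one place. split_entry starts and ends outside this hunk.

```c
/* Return a newly allocated copy of name with a two-character suffix appended. */
static char * suffixed_name(char const * name, char const * suffix)
{
	size_t len = strlen(name);
	char * s;

	if (len > SIZE_MAX - 3) {
		fprintf(stderr, "Length of symbol name is too large.\n");
		exit(EXIT_FAILURE);
	}
	s = xmalloc(len + 3);
	memcpy(s, name, len);
	memcpy(s + len, suffix, 3);	/* two characters plus the terminator */
	return s;
}

/* ... unchanged: new_entry allocation in split_entry ... */
		char * s = suffixed_name(split->symbol_name, "#1");
```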
@@ -263,9 +280,18 @@ static void split_entry(struct jitentry 
 	}
 	// do we need a left part?
 	if (start_addr_split < start_addr_keep) {
-		char * s = xmalloc(strlen(split->symbol_name) + 3);
-		strcpy(s, split->symbol_name);
-		strcat(s, "#0");
+		char * s = NULL;
+		
+		/* Check for max. length to avoid possible integer overflow. */
+		if (strlen(split->symbol_name) > SIZE_MAX - 3) {
+			fprintf(stderr, "Length of symbol name is too large.\n");
+			exit(EXIT_FAILURE);
+		} else {
+			s = xmalloc(strlen(split->symbol_name) + 3);
+			strcpy(s, split->symbol_name);
+			strcat(s, "#0");
+		}
+		
 		split->code_size = start_addr_keep - start_addr_split;
 		if (split->sym_name_malloced)
 			free(split->symbol_name);
@@ -480,7 +506,8 @@ int resolve_overlaps(unsigned long long 
  */
 void disambiguate_symbol_names(void)
 {
-	int j, cnt, rep_cnt;
+	u32 j;
+	int cnt, rep_cnt;
 	struct jitentry * a;
 	struct jitentry * b;
 
diff -prauN -X ../workspaces/eclipse/excludelist.txt ../workspaces/eclipse/oprofile/opjitconv/opjitconv.c oprofile_work_20080318/opjitconv/opjitconv.c
--- ../workspaces/eclipse/oprofile/opjitconv/opjitconv.c	2008-03-18 14:13:08.000000000 +0100
+++ oprofile_work_20080318/opjitconv/opjitconv.c	2008-03-18 14:15:51.000000000 +0100
@@ -7,6 +7,7 @@
  *
  * @author Jens Wilke
  * @Modifications Maynard Johnson
+ * @Modifications Daniel Hansel
  *
  * Copyright IBM Corporation 2007
  *
@@ -73,9 +74,9 @@ char const * dump_bfd_target_name;
 bfd * cur_bfd;
 
 /* count of jitentries in the list */
-int entry_count;
+u32 entry_count;
 /* maximul space in the entry arrays, needed to add entries */
-int max_entry_count;
+u32 max_entry_count;
 /* array pointing to all jit entries, sorted by symbol names */
 struct jitentry ** entries_symbols_ascending;
 /* array pointing to all jit entries sorted by address */
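Review bot: Switching entry_count and max_entry_count to u32 leaves mixed signedness wherever they meet code that still uses int; `select_one(int start_idx, int` in the jitsymbol.c hunk headers still takes int indices, and disambiguate_symbol_names keeps `int cnt, rep_cnt`. If u32 loop indices are passed across such a boundary, values above INT_MAX would typically convert to negative numbers. Building opjitconv with -Wsign-compare and -Wconversion would list the remaining sites. Whether any of them is reachable with counts that large cannot be told from this diff.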
@@ -432,13 +433,14 @@ static int op_process_jit_dumpfiles(char
 	LIST_HEAD(anon_dnames);
 	char const * samples_subdir = "/samples/current";
 	int samples_dir_len = strlen(session_dir) + strlen(samples_subdir);
-	char samples_dir[samples_dir_len + 1];
+	char * samples_dir;
 
 	if ((rc = get_matching_pathnames(&jd_fnames, get_pathname,
 		jitdump_dir, "*.dump", NO_RECURSION)) < 0
 	    || list_empty(&jd_fnames))
 		goto out;
 
+	samples_dir = xmalloc(samples_dir_len + 1);
 	sprintf(samples_dir, "%s%s", session_dir, samples_subdir);
 	if (get_matching_pathnames(&anon_dnames, get_pathname,
 				    samples_dir, anon_dir_filter,
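Review bot: `char * samples_dir;` is declared uninitialised and the first `goto out` is taken before the xmalloc, so whatever cleanup sits at `out:` (outside this hunk) either frees an indeterminate pointer on that path or leaks the buffer on the normal one. Declaring it as `char * samples_dir = NULL;` and calling `free(samples_dir);` at `out:` handles both. Since the size is already known, `snprintf(samples_dir, samples_dir_len + 1, "%s%s", session_dir, samples_subdir);` would keep the write bounded even if the length computation changes later. samples_dir_len itself is still an int computed from two strlen results.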
@@ -502,7 +504,20 @@ int main(int argc, char ** argv)
 		rc = EXIT_FAILURE;
 		goto out;
 	}
+
 	session_dir = argv[1];
+	/*
+	 * Check for a maximum of 4096 bytes (Linux path name length limit) decremented
+	 * by 16 bytes (will be used later for appending samples sub directory).
+	 * Integer overflows according to the session dir parameter (user controlled)
+	 * are not possible anymore.
+	 */
+	if (strlen(session_dir) > PATH_MAX - 16) {
+		printf("opjitconv: Path name length limit exceeded for session directory: %s\n", session_dir);
+		rc = EXIT_FAILURE;
+		goto out;
+	}
+
 	start_time = atol(argv[2]);
 	end_time = atol(argv[3]);
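Review bot: The limit `PATH_MAX - 16` hard-codes the length of `"/samples/current"` from op_process_jit_dumpfiles and leaves no room for the terminating NUL, so a session_dir of exactly PATH_MAX - 16 bytes yields a path of PATH_MAX characters plus terminator. Deriving the bound from the string keeps the two in step, e.g. `if (strlen(session_dir) >= PATH_MAX - strlen("/samples/current"))`, with the literal shared through one file-scope constant. The message is also printed with printf, while the other new error paths in this patch write to stderr. PATH_MAX needs <limits.h>, and no include is added for it in the visible hunks. main continues outside the hunk.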
 
diff -prauN -X ../workspaces/eclipse/excludelist.txt ../workspaces/eclipse/oprofile/opjitconv/opjitconv.h oprofile_work_20080318/opjitconv/opjitconv.h
--- ../workspaces/eclipse/oprofile/opjitconv/opjitconv.h	2008-01-09 10:54:42.000000000 +0100
+++ oprofile_work_20080318/opjitconv/opjitconv.h	2008-03-17 13:57:39.000000000 +0100
@@ -22,6 +22,8 @@
 #include <bfd.h>
 #include <stddef.h>
 
+#include "op_types.h"
+
 /* Structure that contains all information
  * for one function entry in the jit dump file.
  * the jit dump file gets mmapped and code and
@@ -93,11 +95,11 @@ extern char const * dump_bfd_target_name
  */
 extern struct jitentry * jitentry_list;
 /* count of jitentries in the list */
-extern int entry_count;
+extern u32 entry_count;
 /* list head for debug line information */
 extern struct jitentry_debug_line * jitentry_debug_line_list;
 /* maximum space in the entry arrays, needed to add entries */
-extern int max_entry_count;
+extern u32 max_entry_count;
 /* array pointing to all jit entries, sorted by symbol names */
 extern struct jitentry ** entries_symbols_ascending;
 /* array pointing to all jit entries sorted by address */
