OS-5327 ustack helper needs more validation

Reviewed by: Patrick Mooney <patrick.mooney@joyent.com> Reviewed by: Bryan Cantrill <bryan@joyent.com>
author: Alex Wilson <alex.wilson@joyent.com> 2016-04-18 17:03:43 -0700
committer: Alex Wilson <alex.wilson@joyent.com> 2016-05-26 20:08:57 -0700
commit: ef119b857ee377981f5468b6a29453683beec108 (patch)
tree: 838fbdfecf932fe5d40009b6fed3db36284dd901
parent: 41d1d652c3fede61f722f0668fcb0f7848a7c52f (diff)
download: illumos-joyent-ef119b857ee377981f5468b6a29453683beec108.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/usr/src/uts/common/dtrace/dtrace.c b/usr/src/uts/common/dtrace/dtrace.c
index 4c31530238..9731c6f292 100644
--- a/usr/src/uts/common/dtrace/dtrace.c
+++ b/usr/src/uts/common/dtrace/dtrace.c
@@ -6664,6 +6664,7 @@ dtrace_action_ustack(dtrace_mstate_t *mstate, dtrace_state_t *state,
 	uint64_t *pcs = &buf[1], *fps;
 	char *str = (char *)&pcs[nframes];
 	int size, offs = 0, i, j;
+	size_t rem;
 	uintptr_t old = mstate->dtms_scratch_ptr, saved;
 	uint16_t *flags = &cpu_core[CPU->cpu_id].cpuc_dtrace_flags;
 	char *sym;
@@ -6735,12 +6736,18 @@ dtrace_action_ustack(dtrace_mstate_t *mstate, dtrace_state_t *state,
 			continue;
 		}
 
+		if (!dtrace_strcanload((uintptr_t)sym, strsize, &rem, mstate,
+		    &(state->dts_vstate))) {
+			str[offs++] = '\0';
+			continue;
+		}
+
 		DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
 
 		/*
 		 * Now copy in the string that the helper returned to us.
 		 */
-		for (j = 0; offs + j < strsize; j++) {
+		for (j = 0; offs + j < strsize && j < rem; j++) {
 			if ((str[offs + j] = sym[j]) == '\0')
 				break;
 		}
author	Alex Wilson <alex.wilson@joyent.com>	2016-04-18 17:03:43 -0700
committer	Alex Wilson <alex.wilson@joyent.com>	2016-05-26 20:08:57 -0700
commit	ef119b857ee377981f5468b6a29453683beec108 (patch)
tree	838fbdfecf932fe5d40009b6fed3db36284dd901
parent	41d1d652c3fede61f722f0668fcb0f7848a7c52f (diff)
download	illumos-joyent-ef119b857ee377981f5468b6a29453683beec108.tar.gz