Skip to content
Snippets Groups Projects
Commit a1e0d1f3 authored by Laura Abbott's avatar Laura Abbott
Browse files

linux-ramdump-parser-v2: Fix bugs found by 'fuzzing' 

A recent build has generated multiple badly corrupted dumps. Fix
all the errors found by the unintentional fuzzing.

Change-Id: I0854bee4558d31037f51ed2ea941eb58997607c8
parent 079cd6eb
Branches
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
linux-ramdump-parser-v2/parsers/debug_image.py
+ 6
0
View file @ a1e0d1f3
......@@ -156,7 +156,13 @@ class DebugImage(RamParser):
mem_dump_data + dump_table_ptr_offset)
version = self.ramdump.read_word(dump_table + version_offset)
if version is None:
print_out_str('Version is bogus! Can\'t parse debug image')
return
num_entries = self.ramdump.read_word(dump_table + num_entries_offset)
if num_entries is None or num_entries > 100:
print_out_str('num_entries is bogus! Can\'t parse debug image')
return
print_out_str('\nDebug image version: {0}.{1} Number of entries {2}'.format(
version >> 20, version & 0xFFFFF, num_entries))
......
linux-ramdump-parser-v2/parsers/irqstate.py
+ 11
1
View file @ a1e0d1f3
# Copyright (c) 2012-2013, The Linux Foundation. All rights reserved.
# Copyright (c) 2012-2014, The Linux Foundation. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 and
......@@ -92,6 +92,9 @@ class IrqParse(RamParser):
node_addr = ram_dump.read_word(root_addr + rnode_offset) & 0xfffffffe
height = ram_dump.read_word(node_addr + rnode_height_offset)
if height > len(height_to_maxindex):
return None
if index > height_to_maxindex[height]:
return None
......@@ -126,6 +129,10 @@ class IrqParse(RamParser):
print_out_str(
'{0:4} {1} {2:30} {3:10}'.format('IRQ', cpu_str, 'Name', 'Chip'))
if nr_irqs > 50000:
return
for i in range(0, nr_irqs):
irq_desc = self.radix_tree_lookup_element(
ram_dump, irq_desc_tree, i)
......@@ -137,6 +144,9 @@ class IrqParse(RamParser):
kstat_irqs_addr = ram_dump.read_word(irq_desc + kstat_irqs_offset)
irq_stats_str = ''
if kstat_irqs_addr is None:
break
for j in ram_dump.iter_cpus():
irq_statsn = ram_dump.read_word(kstat_irqs_addr, cpu=j)
irq_stats_str = irq_stats_str + \
......
linux-ramdump-parser-v2/parsers/pagetracking.py
+ 2
2
View file @ a1e0d1f3
# Copyright (c) 2012, The Linux Foundation. All rights reserved.
# Copyright (c) 2012,2014 The Linux Foundation. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 and
......@@ -11,7 +11,7 @@
from print_out import print_out_str
from parser_util import register_parser, RamParser
from mm import pfn_to_page
@register_parser('--print-pagetracking', 'print page tracking information (if available)')
class PageTracking(RamParser):
......
linux-ramdump-parser-v2/parsers/rtb.py
+ 3
1
View file @ a1e0d1f3
# Copyright (c) 2012-2013, The Linux Foundation. All rights reserved.
# Copyright (c) 2012-2014, The Linux Foundation. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 and
......@@ -155,6 +155,8 @@ class RTB(RamParser):
while True:
ptr = rtb_read_ptr + next_entry * rtb_entry_size
stamp = self.ramdump.read_word(ptr + rtb_idx_offset)
if stamp is None:
break
rtb_out.write('{0:x} '.format(stamp).encode('ascii', 'ignore'))
item = self.ramdump.read_byte(ptr + rtb_logtype_offset)
item = item & 0x7F
......
linux-ramdump-parser-v2/ramdump.py
+ 4
1
View file @ a1e0d1f3
......@@ -392,7 +392,10 @@ class RamDump():
self.ramdump = ramdump
i = 0
for addr in range(start, end, 8):
(a, b) = ramdump.read_string(addr, '<II')
r = ramdump.read_string(addr, '<II')
if r is None:
break
(a, b) = r
self.unwind_table.append((a, b, start + 8 * i))
i += 1
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment