scripts/kallsyms: fix memory corruption caused by write over-run
authorMasahiro Yamada <masahiroy@kernel.org>
Mon, 10 Feb 2020 16:18:52 +0000 (01:18 +0900)
committerMasahiro Yamada <masahiroy@kernel.org>
Mon, 10 Feb 2020 20:18:09 +0000 (05:18 +0900)
memcpy() writes one more byte than allocated.

Fixes: 8d60526999aa ("scripts/kallsyms: change table to store (strcut sym_entry *)")
Reported-by: youling257 <youling257@gmail.com>
Reported-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Tested-by: Pavel Machek <pavel@ucw.cz>
scripts/kallsyms.c

index a566d8201b56c530d93cee048d9a45a6a3ab26a9..0133dfaaf3529c83c542c06756361224f6d464ca 100644 (file)
@@ -210,7 +210,7 @@ static struct sym_entry *read_symbol(FILE *in)
 
        len = strlen(name) + 1;
 
-       sym = malloc(sizeof(*sym) + len);
+       sym = malloc(sizeof(*sym) + len + 1);
        if (!sym) {
                fprintf(stderr, "kallsyms failure: "
                        "unable to allocate required amount of memory\n");
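Review bot: The two `+ 1` terms around the malloc() count different things and neither is explained: `len = strlen(name) + 1` appears to add the type byte stored in `sym->sym[0]`, while the new `+ 1` in the allocation is room for the terminating NUL. That ambiguity is what allowed the one-byte heap over-write in the first place, so I would document it at the allocation, e.g. `/* len = type byte + name; one more byte for the trailing NUL */` above `sym = malloc(sizeof(*sym) + len + 1);`. The same comment should state that `sym->len`, set in the next hunk, still excludes the NUL. read_symbol() starts and ends outside this hunk, so the layout of `struct sym_entry` is inferred from the visible lines.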
@@ -219,7 +219,7 @@ static struct sym_entry *read_symbol(FILE *in)
        sym->addr = addr;
        sym->len = len;
        sym->sym[0] = type;
-       memcpy(sym_name(sym), name, len);
+       strcpy(sym_name(sym), name);
        sym->percpu_absolute = 0;
 
        return sym;
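Review bot: The `strcpy(sym_name(sym), name)` call carries no visible bound, so its safety depends on the `len + 1` in the previous hunk's allocation staying in sync with it. With the larger buffer the original `memcpy(sym_name(sym), name, len);` would copy the same bytes (the name and its NUL) while keeping the size tied to the `len` used for malloc(), which is easier to audit. If strcpy() is kept, a comment such as `/* fits: buffer holds len + 1 bytes after the header; type + name + NUL */` would help. This assumes sym_name() returns the address just past the type byte; its definition, and the code that fills `name`, are outside the hunk.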