linux/tools/lib
Varun R Mallya 5714ca8cba libbpf: Fix OOB read in btf_dump_get_bitfield_value
When dumping bitfield data, btf_dump_get_bitfield_value() reads data
based on the underlying type's size (t->size). However, it does not
verify that the provided data buffer (data_sz) is large enough to
contain these bytes.

If btf_dump__dump_type_data() is called with a buffer smaller than
the type's size, this leads to an out-of-bounds read. This was
confirmed by AddressSanitizer in the linked issue.

Fix this by ensuring we do not read past the provided data_sz limit.

Fixes: a1d3cc3c5e ("libbpf: Avoid use of __int128 in typed dump display")
Reported-by: Harrison Green <harrisonmichaelgreen@gmail.com>
Suggested-by: Alan Maguire <alan.maguire@oracle.com>
Signed-off-by: Varun R Mallya <varunrmallya@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20260106233527.163487-1-varunrmallya@gmail.com

Closes: https://github.com/libbpf/libbpf/issues/928
2026-01-09 15:54:31 -08:00
..
api libapi: Add missing header with NAME_MAX define to io_dir.h 2025-03-13 00:29:36 -07:00
bpf libbpf: Fix OOB read in btf_dump_get_bitfield_value 2026-01-09 15:54:31 -08:00
perf libperf: Use 'extern' in LIBPERF_API visibility macro 2025-12-05 10:31:32 -08:00
python docs: kdoc: various fixes for grammar, spelling, punctuation 2025-11-29 08:35:23 -07:00
subcmd perf subcmd: avoid crash in exclude_cmds when excludes is empty 2025-09-12 17:51:35 -07:00
symbol
thermal tools: lib: thermal: expose thermal_exit symbols 2025-10-03 21:26:00 +02:00
argv_split.c
bitmap.c lib/interval_tree: add test case for interval_tree_iter_xxx() helpers 2025-03-17 12:17:00 -07:00
cmdline.c
ctype.c
find_bit.c
hweight.c
list_sort.c
rbtree.c
slab.c lib/rbtree: enable userland test suite for rbtree related data structure 2025-03-17 12:17:00 -07:00
str_error_r.c
string.c
vsprintf.c
zalloc.c