tracing/probe: reject non-closed empty immediate strings

parse_probe_arg() accepts quoted immediate strings and passes the body after the opening quote to __parse_imm_string(). That helper currently computes strlen(str) and immediately dereferences str[len - 1], which underflows when the body is empty and not closed with double-quotation. Reject empty non-closed immediate strings before checking for the closing quote. Link: https://lore.kernel.org/all/20260401160315.88518-1-pengpeng@iscas.ac.cn/ Fixes: a42e3c4de964 ("tracing/probe: Add immediate string parameter support") Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn> Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
author: Pengpeng Hou <pengpeng@iscas.ac.cn> 2026-04-02 00:03:15 +0800
committer: Masami Hiramatsu (Google) <mhiramat@kernel.org> 2026-04-06 09:22:42 +0900
commit: 4346be6577aaa04586167402ae87bbdbe32484a4 (patch)
tree: 5f31244aeedc7bab1a516892858ec7b1604ca369 /kernel/trace
parent: 591cd656a1bf5ea94a222af5ef2ee76df029c1d2 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
index e0a5dc86c07e..e1c73065dae5 100644
--- a/kernel/trace/trace_probe.c
+++ b/kernel/trace/trace_probe.c
@@ -1068,7 +1068,7 @@ static int __parse_imm_string(char *str, char **pbuf, int offs)
 {
 	size_t len = strlen(str);
 
-	if (str[len - 1] != '"') {
+	if (!len || str[len - 1] != '"') {
 		trace_probe_log_err(offs + len, IMMSTR_NO_CLOSE);
 		return -EINVAL;
 	}
author	Pengpeng Hou <pengpeng@iscas.ac.cn>	2026-04-02 00:03:15 +0800
committer	Masami Hiramatsu (Google) <mhiramat@kernel.org>	2026-04-06 09:22:42 +0900
commit	4346be6577aaa04586167402ae87bbdbe32484a4 (patch)
tree	5f31244aeedc7bab1a516892858ec7b1604ca369 /kernel/trace
parent	591cd656a1bf5ea94a222af5ef2ee76df029c1d2 (diff)