libbpf: Fix another potential overflow issue in bpf_prog_linfo

commit dd3ab126379ec040b3edab8559f9c72de6ef9d29 upstream.

Fix few issues found by Coverity and LGTM.

Fixes: b053b439b72a ("bpf: libbpf: bpftool: Print bpf_line_info during prog dump")
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20191107020855.3834758-4-andriin@fb.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/tools/lib/bpf/bpf_prog_linfo.c b/tools/lib/bpf/bpf_prog_linfo.c
index 8c67561..3ed1a27 100644 (file)
--- a/tools/lib/bpf/bpf_prog_linfo.c
+++ b/tools/lib/bpf/bpf_prog_linfo.c
@@ -101,6 +101,7 @@ struct bpf_prog_linfo *bpf_prog_linfo__new(const struct bpf_prog_info *info)
 {
        struct bpf_prog_linfo *prog_linfo;
        __u32 nr_linfo, nr_jited_func;
+       __u64 data_sz;
 
        nr_linfo = info->nr_line_info;
 
@@ -122,11 +123,11 @@ struct bpf_prog_linfo *bpf_prog_linfo__new(const struct bpf_prog_info *info)
        /* Copy xlated line_info */
        prog_linfo->nr_linfo = nr_linfo;
        prog_linfo->rec_size = info->line_info_rec_size;
-       prog_linfo->raw_linfo = malloc(nr_linfo * prog_linfo->rec_size);
+       data_sz = (__u64)nr_linfo * prog_linfo->rec_size;
+       prog_linfo->raw_linfo = malloc(data_sz);
        if (!prog_linfo->raw_linfo)
                goto err_free;
-       memcpy(prog_linfo->raw_linfo, (void *)(long)info->line_info,
-              nr_linfo * prog_linfo->rec_size);
+       memcpy(prog_linfo->raw_linfo, (void *)(long)info->line_info, data_sz);
 
        nr_jited_func = info->nr_jited_ksyms;
        if (!nr_jited_func ||
@@ -142,13 +143,12 @@ struct bpf_prog_linfo *bpf_prog_linfo__new(const struct bpf_prog_info *info)
        /* Copy jited_line_info */
        prog_linfo->nr_jited_func = nr_jited_func;
        prog_linfo->jited_rec_size = info->jited_line_info_rec_size;
-       prog_linfo->raw_jited_linfo = malloc(nr_linfo *
-                                            prog_linfo->jited_rec_size);
+       data_sz = (__u64)nr_linfo * prog_linfo->jited_rec_size;
+       prog_linfo->raw_jited_linfo = malloc(data_sz);
        if (!prog_linfo->raw_jited_linfo)
                goto err_free;
        memcpy(prog_linfo->raw_jited_linfo,
-              (void *)(long)info->jited_line_info,
-              nr_linfo * prog_linfo->jited_rec_size);
+              (void *)(long)info->jited_line_info, data_sz);
 
        /* Number of jited_line_info per jited func */
        prog_linfo->nr_jited_linfo_per_func = malloc(nr_jited_func *