tracing: Fix allocation of last_cmd in last_cmd_set()

The strncat() used in last_cmd_set() includes the nul byte of length of
the string being copied in, when it should only hold the size of the
string being copied (not the nul byte). Change it to subtract the length
of the allocated space and the nul byte to pass that into the strncat().

Also, assign "len" instead of initializing it to zero and its first update
is to do a "+=".

Link: https://lore.kernel.org/all/202202140628.fj6e4w4v-lkp@intel.com/
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>

diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index 5e8970624bce727e263f9df79efb9cb8b6013080..78788049f3d343bca8d86116c353a3063069208a 100644 (file)
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -744,19 +744,20 @@ static void last_cmd_set(struct trace_event_file *file, char *str)
 {
        const char *system = NULL, *name = NULL;
        struct trace_event_call *call;
-       int len = 0;
+       int len;
 
        if (!str)
                return;
 
-       len += sizeof(HIST_PREFIX) + strlen(str) + 1;
+       len = sizeof(HIST_PREFIX) + strlen(str) + 1;
        kfree(last_cmd);
        last_cmd = kzalloc(len, GFP_KERNEL);
        if (!last_cmd)
                return;
 
        strcpy(last_cmd, HIST_PREFIX);
-       strncat(last_cmd, str, len - sizeof(HIST_PREFIX));
+       len -= sizeof(HIST_PREFIX) + 1;
+       strncat(last_cmd, str, len);
 
        if (file) {
                call = file->event_call;