From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: linux-kernel@vger.kernel.org, Wang Nan <wangnan0@huawei.com>,
	Namhyung Kim <namhyung@kernel.org>, Zefan Li <lizefan@huawei.com>,
	pi3orama@163.com, Arnaldo Carvalho de Melo <acme@redhat.com>
Subject: [PATCH 3/5] perf hists browser: Add NULL pointer check to prevent crash
Date: Mon,  7 Dec 2015 17:06:39 -0300
Message-ID: <1449518801-18511-4-git-send-email-acme@kernel.org>
In-Reply-To: <1449518801-18511-1-git-send-email-acme@kernel.org>

From: Wang Nan <wangnan0@huawei.com>

Before this patch we can trigger a segfault by the following steps:

 Step 0: Use 'perf record' to generate a perf.data without callchain

 Step 1: perf report

 Step 2: Use UP/DOWN to select an entry, don't press 'ENTER'

 Step 3: Use '/' to filter symbols, use a filter which returns
         empty result

 Step 4: Press 'ENTER' (notice here that the old selection is still
         there. This is another problem)

 Step 5: Press 'ENTER' to annotate that symbol

 Step 6: Press 'LEFT' to go out.

 Result: segfault:

 perf: Segmentation fault
 -------- backtrace --------
 /home/wangnan/perf[0x53e568]
 /lib64/libc.so.6(+0x3545f)[0x7fba75d3245f]
 /home/wangnan/perf[0x537516]
 /home/wangnan/perf[0x533fef]
 /home/wangnan/perf[0x53b347]
 /home/wangnan/perf(perf_evlist__tui_browse_hists+0x96)[0x53d206]
 /home/wangnan/perf(cmd_report+0x1b9f)[0x442c7f]
 /home/wangnan/perf[0x47efa2]
 /home/wangnan/perf(main+0x5f5)[0x432fa5]
 /lib64/libc.so.6(__libc_start_main+0xf4)[0x7fba75d1ebd4]
 /home/wangnan/perf[0x4330d4]

This is because in this case 'nd' could be NULL in
ui_browser__hists_seek(), but that function never checks it.

This patch adds a check for a potential NULL pointer in that function.
After this patch the above steps won't segfault.

Signed-off-by: Wang Nan <wangnan0@huawei.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Zefan Li <lizefan@huawei.com>
Cc: pi3orama@163.com
Link: http://lkml.kernel.org/r/1449455746-41952-3-git-send-email-wangnan0@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
 tools/perf/ui/browsers/hists.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/perf/ui/browsers/hists.c b/tools/perf/ui/browsers/hists.c
index fa9eb92c9e24..932e13d015b9 100644
--- a/tools/perf/ui/browsers/hists.c
+++ b/tools/perf/ui/browsers/hists.c
@@ -1033,6 +1033,9 @@ static void ui_browser__hists_seek(struct ui_browser *browser,
 	 * and stop when we printed enough lines to fill the screen.
 	 */
 do_offset:
+	if (!nd)
+		return;
+
 	if (offset > 0) {
 		do {
 			h = rb_entry(nd, struct hist_entry, rb_node);
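
Review bot: the new `if (!nd) return;` under `do_offset:` carries no comment saying when `nd` can be NULL, and the existing block comment just above it only describes the offset walk. A one-line comment noting that an empty filter result leaves no entry to seek from would help, since the loop that follows starts from `rb_entry(nd, struct hist_entry, rb_node)` and assumes a valid node. It is also worth confirming that returning early here does not leave the browser positioned on an entry from before the filter was applied; the commit message itself calls out the stale selection in Step 4 as a separate problem.
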
-- 
2.1.0

