From: Arnaldo Carvalho de Melo <arnaldo.melo@gmail.com>
To: Numfor Mbiziwo-Tiapo <nums@google.com>
Cc: peterz@infradead.org, mingo@redhat.com,
	alexander.shishkin@linux.intel.com, jolsa@redhat.com,
	namhyung@kernel.org, songliubraving@fb.com, mbd@fb.com,
	linux-kernel@vger.kernel.org, irogers@google.com,
	eranian@google.com
Subject: Re: [PATCH 2/3] Fix ordered-events.c array-bounds error
Date: Fri, 26 Jul 2019 16:35:27 -0300
Message-ID: <20190726193527.GA24867@kernel.org>
In-Reply-To: <20190724184512.162887-3-nums@google.com>

On Wed, Jul 24, 2019 at 11:45:11AM -0700, Numfor Mbiziwo-Tiapo wrote:
> Perf does not build with the ubsan (undefined behavior sanitizer)
> and there is an error that says:
> 
> tools/perf/util/debug.h:38:2:
>  error: array subscript is above array bounds [-Werror=array-bounds]
>   eprintf_time(n, var, t, fmt, ##__VA_ARGS__)
>   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> tools/perf/util/debug.h:40:34:
>  note: in expansion of macro ‘pr_time_N’
>  #define pr_oe_time(t, fmt, ...)  pr_time_N(1, debug_ordered_events,
>  t, pr_fmt(fmt), ##__VA_ARGS__)
> 
> util/ordered-events.c:329:2: note: in expansion of macro ‘pr_oe_time’
>   pr_oe_time(oe->next_flush, "next_flush - ordered_events__flush
>   POST %s, nr_events %u\n",
> 
> This can be reproduced by running (from the tip directory):
> make -C tools/perf USE_CLANG=1 EXTRA_CFLAGS="-fsanitize=undefined"
> 
> The error stems from the 'str' array in the __ordered_events__flush
> function in tools/perf/util/ordered-events.c. On line 319 of this
> file, they use values of the variable 'how' (which has the type enum
> oeflush - defined in ordered-events.h) as indices for the 'str' array.
> Since 'how' has 5 values and the 'str' array only has 3, when the 4th
> and 5th values of 'how' (OE_FLUSH__TOP and OE_FLUSH__TIME) are used as
> indices, this will go out of the bounds of the 'str' array.
> Adding the matching strings from the enum values into the 'str' array
> fixes this.
> 
> Signed-off-by: Numfor Mbiziwo-Tiapo <nums@google.com>
> ---
>  tools/perf/util/ordered-events.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/tools/perf/util/ordered-events.c b/tools/perf/util/ordered-events.c
> index 897589507d97..c092b0c39d2b 100644
> --- a/tools/perf/util/ordered-events.c
> +++ b/tools/perf/util/ordered-events.c
> @@ -270,6 +270,8 @@ static int __ordered_events__flush(struct ordered_events *oe, enum oe_flush how,
>  		"FINAL",
>  		"ROUND",
>  		"HALF ",
> +		"TOP",
> +		"TIME",
>  	};
>  	int err;
>  	bool show_progress = false;
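
Review bot: the two entries appended after "HALF " are positional, so nothing in this hunk ties their index to OE_FLUSH__TOP and OE_FLUSH__TIME, and the next value added to the enum will read past str[] again. Use designated initializers (for example `[OE_FLUSH__TOP] = "TOP  ",`) and check 'how' against ARRAY_SIZE(str) before indexing. The existing strings are all five characters wide ("HALF " carries a trailing space), presumably so the %s column lines up, so pad "TOP" and "TIME" the same way.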

Humm, this was fixed already by:

commit 1e5b0cf8672e622257df024074e6e09bfbcb7750
Author: Changbin Du <changbin.du@gmail.com>
Date:   Sat Mar 16 16:05:52 2019 +0800

    perf top: Fix global-buffer-overflow issue

    The array str[] should have six elements.

      =================================================================
      ==4322==ERROR: AddressSanitizer: global-buffer-overflow on address 0x56463844e300 at pc 0x564637e7ad0d bp 0x7f30c8c89d10 sp 0x7f30c8c89d00
      READ of size 8 at 0x56463844e300 thread T9
          #0 0x564637e7ad0c in __ordered_events__flush util/ordered-events.c:316
          #1 0x564637e7b0e4 in ordered_events__flush util/ordered-events.c:338
          #2 0x564637c6a57d in process_thread /home/changbin/work/linux/tools/perf/builtin-top.c:1073
          #3 0x7f30d173a163 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8163)
          #4 0x7f30cfffbdee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11adee)
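
Added example, not part of the original message or of the perf source: both reports above come from an enum value indexing a string table that was shorter than the enum. The sketch below generates the enum and the table from one list so they cannot drift apart, and bounds-checks the lookup; the DEMO_FLUSH__* names, the padded strings and the "?????" fallback are assumptions for illustration.

```c
#include <stdio.h>

/* Single source of truth: every flush mode is listed exactly once.
 * Hypothetical names, modelled on the strings visible in the patch. */
#define DEMO_FLUSH_MODES(X)           \
	X(DEMO_FLUSH__FINAL, "FINAL") \
	X(DEMO_FLUSH__ROUND, "ROUND") \
	X(DEMO_FLUSH__HALF,  "HALF ") \
	X(DEMO_FLUSH__TOP,   "TOP  ") \
	X(DEMO_FLUSH__TIME,  "TIME ")

enum demo_flush {
#define X(id, name) id,
	DEMO_FLUSH_MODES(X)
#undef X
	DEMO_FLUSH__MAX /* sentinel: number of modes */
};

/* Designated initializers: each string sits at its own enum index. */
static const char * const demo_flush_str[] = {
#define X(id, name) [id] = name,
	DEMO_FLUSH_MODES(X)
#undef X
};

/* Holds by construction; breaks the build if the table is ever hand-edited
 * so that it no longer covers the enum. */
_Static_assert(sizeof(demo_flush_str) / sizeof(demo_flush_str[0]) == DEMO_FLUSH__MAX,
	       "demo_flush_str[] must cover every enum demo_flush value");

/* Bounds-checked lookup: a value outside the enum never indexes the table. */
static const char *demo_flush_name(int how)
{
	if (how < 0 || how >= DEMO_FLUSH__MAX)
		return "?????";
	return demo_flush_str[how];
}

int main(void)
{
	/* Walk one past the end to show the fallback instead of an overflow. */
	for (int how = 0; how <= DEMO_FLUSH__MAX; how++)
		printf("%d -> %s\n", how, demo_flush_name(how));
	return 0;
}
```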
