From mboxrd@z Thu Jan 1 00:00:00 1970 From: Arnaldo Carvalho de Melo Subject: [PATCH 49/63] perf annotate: Fix heap overflow Date: Thu, 7 Nov 2019 15:59:57 -0300 Message-ID: <20191107190011.23924-50-acme@kernel.org> References: <20191107190011.23924-1-acme@kernel.org> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Return-path: In-Reply-To: <20191107190011.23924-1-acme@kernel.org> Sender: linux-kernel-owner@vger.kernel.org To: Ingo Molnar , Thomas Gleixner Cc: Jiri Olsa , Namhyung Kim , Clark Williams , linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, Ian Rogers , Alexander Shishkin , Jin Yao , Mark Rutland , Peter Zijlstra , Song Liu , Stephane Eranian , Arnaldo Carvalho de Melo List-Id: linux-perf-users.vger.kernel.org From: Ian Rogers Fix expand_tabs that copies the source lines '\0' and then appends another '\0' at a potentially out of bounds address. Signed-off-by: Ian Rogers Acked-by: Jiri Olsa Cc: Alexander Shishkin Cc: Jin Yao Cc: Mark Rutland Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Song Liu Cc: Stephane Eranian Link: http://lore.kernel.org/lkml/20191026035644.217548-1-irogers@google.com Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/annotate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c index ef1866a902c4..bee0fee122f8 100644 --- a/tools/perf/util/annotate.c +++ b/tools/perf/util/annotate.c @@ -1892,7 +1892,7 @@ static char *expand_tabs(char *line, char **storage, size_t *storage_len) } /* Expand the last region. */ - len = line_len + 1 - src; + len = line_len - src; memcpy(&new_line[dst], &line[src], len); dst += len; new_line[dst] = '\0'; -- 2.21.0