From: sashiko-bot@kernel.org
To: "Rong Bao" <rong.bao@csmantle.top>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v2] perf annotate: Use jump__delete when freeing LoongArch jumps
Date: Mon, 13 Apr 2026 10:35:18 +0000
Message-ID: <20260413103519.96751C2BCAF@smtp.kernel.org>
In-Reply-To: <20260413100412.2313688-1-rong.bao@csmantle.top>

Sashiko AI review found 1 potential issue(s):
- [High] In `loongarch_call__parse`, missing verification of `strchr` return value causes a NULL pointer dereference if the objdump string does not contain '<'.
--

commit aaedf6d99ebecdf735574de2bae5e0ee0fc41c3f
Author: Rong Bao <rong.bao@csmantle.top>

perf annotate: Use jump__delete when freeing LoongArch jumps

This patch initializes the .free field in loongarch_jump_ops to jump__delete.
This prevents disasm_line__free() from falling back to the default cleanup
function for LoongArch jump instructions, which previously led to undefined
behavior and a crash.

> diff --git a/tools/perf/util/annotate-arch/annotate-loongarch.c b/tools/perf/util/annotate-arch/annotate-loongarch.c
> index 950f34e59e5cd..c2addca77320b 100644
> --- a/tools/perf/util/annotate-arch/annotate-loongarch.c
> +++ b/tools/perf/util/annotate-arch/annotate-loongarch.c
> @@ -110,6 +110,7 @@ static int loongarch_jump__parse(const struct arch *arch, struct ins_operands *o
>  }
>  
>  static const struct ins_ops loongarch_jump_ops = {
> +	.free	   = jump__delete,
>  	.parse	   = loongarch_jump__parse,
>  	.scnprintf = jump__scnprintf,
>  	.is_jump   = true,
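
Review bot: the one-line hunk is fine as far as it goes, but the commit message above does not say which ops field loongarch_jump__parse() fills in a way that the default cleanup path in disasm_line__free() cannot handle, so a reader cannot tell why the fallback was undefined behaviour or which commit this fixes; please state that in the commit message and add a Fixes: tag for the commit that introduced loongarch_jump_ops. Since loongarch_call__parse() in the same file (discussed later in this message) follows a similar parse pattern, it is worth confirming whether its ops structure needs the same .free hook.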

This isn't a regression introduced by this patch, but in this same file,
could loongarch_call__parse() cause a NULL pointer dereference?

If the objdump output represents a call without a symbol and lacks
'<...>', strchr() returns NULL, but name is immediately incremented:

tools/perf/util/annotate-arch/annotate-loongarch.c:loongarch_call__parse() {
	...
	ops->target.addr = strtoull(c, &endptr, 16);

	name = strchr(endptr, '<');
	name++;

	if (arch->objdump.skip_functions_char &&
	    strchr(name, arch->objdump.skip_functions_char))
		return -1;
	...
}

Would this result in an invalid pointer and cause a crash when passed to
the subsequent strchr() calls?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260413100412.2313688-1-rong.bao@csmantle.top?part=1
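
As an added example that is not part of this message or of perf's own source: a stand-alone C model of the target parsing quoted above, with the strchr() result checked before it is advanced. The operand strings, the struct call_target type and the parse_call_target() and would_deref_null() names are assumptions made for illustration; the exact objdump operand format for LoongArch is not verified here.

```c
/*
 * Added example, not perf's own code: a small model of the target parsing
 * done in loongarch_call__parse(), with the strchr() result guarded.
 * Operand strings such as "120000a10 <printf@plt>" are constructed inputs.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the target fields the perf code fills in. */
struct call_target {
	unsigned long long addr;
	char name[64];		/* empty when objdump printed no <symbol> */
};

/*
 * Returns 1 when the unchecked code path (strchr() immediately followed by
 * name++) would advance a NULL pointer for this operand, i.e. when no '<'
 * follows the address. This is the condition the review asks about.
 */
int would_deref_null(const char *ops_raw)
{
	char *endptr;

	strtoull(ops_raw, &endptr, 16);
	return strchr(endptr, '<') == NULL;
}

/*
 * Guarded parser. Returns 0 on success and -1 when the operand should be
 * skipped (no parseable address, or the symbol contains skip_char),
 * mirroring the -1 convention in the quoted excerpt.
 */
int parse_call_target(const char *ops_raw, char skip_char,
		      struct call_target *out)
{
	char *endptr;
	const char *name, *close;
	size_t len;

	memset(out, 0, sizeof(*out));
	out->addr = strtoull(ops_raw, &endptr, 16);
	if (endptr == ops_raw)
		return -1;	/* no hex address at all */

	name = strchr(endptr, '<');
	if (name == NULL)
		return 0;	/* call without a symbol: keep the address only */
	name++;

	/* Same search as the excerpt, now on a pointer known to be valid. */
	if (skip_char && strchr(name, skip_char))
		return -1;

	close = strchr(name, '>');
	len = close ? (size_t)(close - name) : strlen(name);
	if (len >= sizeof(out->name))
		len = sizeof(out->name) - 1;
	memcpy(out->name, name, len);
	out->name[len] = '\0';
	return 0;
}

int main(void)
{
	/* Constructed operands: one with a symbol, one without. */
	const char *with_sym = "120000a10 <printf@plt>";
	const char *no_sym = "120000a10";
	struct call_target t;

	printf("%s: unchecked path would deref NULL: %d\n",
	       no_sym, would_deref_null(no_sym));
	if (parse_call_target(with_sym, 0, &t) == 0)
		printf("%s -> addr %#llx name '%s'\n", with_sym, t.addr, t.name);
	if (parse_call_target(no_sym, 0, &t) == 0)
		printf("%s -> addr %#llx name '%s'\n", no_sym, t.addr, t.name);
	return 0;
}
```

The would_deref_null() helper isolates the exact condition under which the quoted code performs name++ on a NULL pointer: any operand where no '<' follows the hex address. The guarded parser treats that case as a valid call with no symbol rather than as an error, which is what the address-only objdump line represents.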


Thread overview: 4+ messages
2026-04-13 10:03 [PATCH v2] perf annotate: Use jump__delete when freeing LoongArch jumps Rong Bao
2026-04-13 10:35 ` sashiko-bot [this message]
2026-04-14  0:59 ` WANG Rui
2026-04-14 17:12 ` Namhyung Kim
