From: sashiko-bot@kernel.org
To: "Ian Rogers" <irogers@google.com>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH v2 08/16] perf python: Check counts_values size in set_values
Date: Wed, 24 Jun 2026 07:30:20 +0000 [thread overview]
Message-ID: <20260624073020.CD8D81F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260624051535.3584977-10-irogers@google.com>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
Pre-existing issues:
- [High] Deleting the `values` attribute from a `perf.counts_values` object in Python causes a segmentation fault.
- [Medium] The function `tracepoint_field` truncates 64-bit tracepoint fields on 32-bit platforms by casting them to `unsigned long` or `long`.
--
commit d69dc2f4b8c6d442757f85756430758b037c2521
Author: Ian Rogers <irogers@google.com>
perf python: Check counts_values size in set_values
The set_values function incorrectly assumed the list contained exactly
5 elements. Add a check to prevent out-of-bounds access.
> diff --git a/tools/perf/util/python.c b/tools/perf/util/python.c
> index 550f1e7d14499..c6c729808a0f2 100644
> --- a/tools/perf/util/python.c
> +++ b/tools/perf/util/python.c
[ ... ]
> @@ -1913,13 +1920,23 @@ static int pyrf_counts_values_set_values(struct pyrf_counts_values *self, PyObje
> }
>
> size = PyList_Size(list);
[Severity: High]
This isn't a bug introduced by this patch, but does
pyrf_counts_values_set_values() crash if the list parameter is NULL?
If a user deletes the attribute in Python (e.g., `del counts_values.values`),
the list parameter will be passed as NULL. The PyList_Check(list) macro called
just before this line unconditionally dereferences the pointer, which would
trigger a segmentation fault.
> + if (size != 5) {
> + PyErr_SetString(PyExc_ValueError, "List must have exactly 5 entries");
> + return -1;
> + }
> +
> for (Py_ssize_t i = 0; i < size; i++) {
[ ... ]
[Severity: Medium]
This is also a pre-existing issue, but could tracepoint_field() truncate 64-bit
values on 32-bit platforms?
In tools/perf/util/python.c:tracepoint_field():
val = tep_read_number(pevent, data + field->offset,
field->size);
if (field->flags & TEP_FIELD_IS_POINTER)
ret = PyLong_FromUnsignedLong((unsigned long) val);
else if (field->flags & TEP_FIELD_IS_SIGNED)
ret = PyLong_FromLong((long) val);
else
ret = PyLong_FromUnsignedLong((unsigned long) val);
Since val is returned by tep_read_number(), which provides a 64-bit value,
casting it to unsigned long or long drops the top 32 bits on 32-bit
architectures. Does this lead to silent data corruption for 64-bit tracepoint
fields like timestamps or counters?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260624051535.3584977-1-irogers@google.com?part=8
next prev parent reply other threads:[~2026-06-24 7:30 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-23 5:35 [PATCH v1 00/13] perf python: Fix python extension bugs and memory leaks Ian Rogers
2026-06-23 5:35 ` [PATCH v1 01/13] perf script: Fix metric_evlist leak in script_find_metrics Ian Rogers
2026-06-23 5:35 ` [PATCH v1 02/13] perf stat: Fix evsel_list leak in cmd_stat Ian Rogers
2026-06-23 5:35 ` [PATCH v1 03/13] perf top: Fix sb_evlist leak Ian Rogers
2026-06-23 21:26 ` sashiko-bot
2026-06-23 5:35 ` [PATCH v1 04/13] perf python: Fix memory leak in pyrf_evlist__get_pollfd Ian Rogers
2026-06-23 21:34 ` sashiko-bot
2026-06-23 5:35 ` [PATCH v1 05/13] perf synthetic-events: Fix uninitialized pthread_join Ian Rogers
2026-06-23 21:41 ` sashiko-bot
2026-06-23 5:35 ` [PATCH v1 06/13] perf data: Fix directory file descriptor leak in perf_data__switch Ian Rogers
2026-06-23 5:35 ` [PATCH v1 07/13] perf test: Fix skiplist leak in cmd_test Ian Rogers
2026-06-23 5:35 ` [PATCH v1 08/13] perf python: Check counts_values size in set_values Ian Rogers
2026-06-23 22:08 ` sashiko-bot
2026-06-23 5:35 ` [PATCH v1 09/13] perf python: Validate CPU and thread maps in pyrf_evsel__open Ian Rogers
2026-06-23 22:17 ` sashiko-bot
2026-06-23 5:35 ` [PATCH v1 10/13] perf python: Validate attribute setters in pyrf_evsel Ian Rogers
2026-06-23 5:35 ` [PATCH v1 11/13] perf python: Zero initialize perf_data in pyrf_data__init Ian Rogers
2026-06-23 22:44 ` sashiko-bot
2026-06-23 5:35 ` [PATCH v1 12/13] perf python: Add thread uninitialized checks Ian Rogers
2026-06-23 22:49 ` sashiko-bot
2026-06-23 5:35 ` [PATCH v1 13/13] perf python: Fix MetricGroup return type in perf.pyi Ian Rogers
2026-06-23 22:41 ` sashiko-bot
2026-06-24 5:15 ` [PATCH v2 00/16] perf python: Fix python extension bugs from v19 review Ian Rogers
2026-06-24 5:15 ` [PATCH v2 01/16] perf script: Fix metric_evlist leak in script_find_metrics Ian Rogers
2026-06-24 5:15 ` [PATCH v2 02/16] perf stat: Fix evsel_list leak in cmd_stat Ian Rogers
2026-06-24 5:15 ` [PATCH v2 03/16] perf tools: Fix sb_evlist leaks in top and record Ian Rogers
2026-06-24 5:15 ` [PATCH v2 03/16] perf top: Fix sb_evlist leak Ian Rogers
2026-06-24 5:15 ` [PATCH v2 04/16] perf python: Fix memory leak in pyrf_evlist__get_pollfd Ian Rogers
2026-06-24 5:28 ` sashiko-bot
2026-06-24 5:15 ` [PATCH v2 05/16] perf synthetic-events: Fix uninitialized pthread_join Ian Rogers
2026-06-24 5:27 ` sashiko-bot
2026-06-24 5:15 ` [PATCH v2 06/16] perf data: Fix directory file descriptor leak in perf_data__switch Ian Rogers
2026-06-24 5:30 ` sashiko-bot
2026-06-24 5:15 ` [PATCH v2 07/16] perf test: Fix skiplist leak in cmd_test Ian Rogers
2026-06-24 5:28 ` sashiko-bot
2026-06-24 5:15 ` [PATCH v2 08/16] perf python: Check counts_values size in set_values Ian Rogers
2026-06-24 7:30 ` sashiko-bot [this message]
2026-06-24 5:15 ` [PATCH v2 09/16] perf python: Validate CPU and thread maps in pyrf_evsel__open Ian Rogers
2026-06-24 5:15 ` [PATCH v2 10/16] perf python: Validate attribute setters in pyrf_evsel Ian Rogers
2026-06-24 5:31 ` sashiko-bot
2026-06-24 5:15 ` [PATCH v2 11/16] perf python: Zero initialize perf_data in pyrf_data__init Ian Rogers
2026-06-24 5:15 ` [PATCH v2 12/16] perf python: Add thread and PMU uninitialized checks Ian Rogers
2026-06-24 5:34 ` sashiko-bot
2026-06-24 5:15 ` [PATCH v2 13/16] perf python: Fix MetricGroup return type in perf.pyi Ian Rogers
2026-06-24 5:15 ` [PATCH v2 14/16] perf python: Fix count_values memory leak in pyrf_evsel__read Ian Rogers
2026-06-24 5:39 ` sashiko-bot
2026-06-24 5:15 ` [PATCH v2 15/16] perf python: Fix memory leak in pyrf__metrics_cb Ian Rogers
2026-06-24 5:15 ` [PATCH v2 16/16] perf synthetic-events: Fix divide by zero in perf_event__synthesize_threads Ian Rogers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260624073020.CD8D81F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=irogers@google.com \
--cc=linux-perf-users@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.