* [PATCH] perf annotate-data: Fix a buffer overflow in TUI browser
[not found] <CA+JHD90ZChq4FFyrqVYE9RvK=K2sKoD6T5dyYknK=STST9_AEQ@mail.gmail.com>
@ 2024-08-10 19:15 ` Namhyung Kim
2024-08-12 16:08 ` Arnaldo Carvalho de Melo
0 siblings, 1 reply; 2+ messages in thread
From: Namhyung Kim @ 2024-08-10 19:15 UTC (permalink / raw)
To: Arnaldo Carvalho de Melo, Ian Rogers, Kan Liang
Cc: Jiri Olsa, Adrian Hunter, Peter Zijlstra, Ingo Molnar, LKML,
linux-perf-users
In get_member_overhead(), k is updated when it has a entry in the
histogram. But the entry->hists array is allocated with the number of
evsel in the group. So the k should be reset when it iterates the event
using for_each_group_evsel(), otherwise it'd crash due to a buffer
overflow.
Fixes: cb1898f58e0f ("perf annotate-data: Support --skip-empty option")
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
---
tools/perf/ui/browsers/annotate-data.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/perf/ui/browsers/annotate-data.c b/tools/perf/ui/browsers/annotate-data.c
index c3db80a7589a..a937b55da736 100644
--- a/tools/perf/ui/browsers/annotate-data.c
+++ b/tools/perf/ui/browsers/annotate-data.c
@@ -46,11 +46,12 @@ static int get_member_overhead(struct annotated_data_type *adt,
struct annotated_member *member = entry->data;
int i, k;
- for (i = 0, k = 0; i < member->size; i++) {
+ for (i = 0; i < member->size; i++) {
struct type_hist *h;
struct evsel *evsel;
int offset = member->offset + i;
+ k = 0;
for_each_group_evsel(evsel, leader) {
if (symbol_conf.skip_empty &&
evsel__hists(evsel)->stats.nr_samples == 0)
--
2.46.0.76.ge559c4bf1a-goog
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] perf annotate-data: Fix a buffer overflow in TUI browser
2024-08-10 19:15 ` [PATCH] perf annotate-data: Fix a buffer overflow in TUI browser Namhyung Kim
@ 2024-08-12 16:08 ` Arnaldo Carvalho de Melo
0 siblings, 0 replies; 2+ messages in thread
From: Arnaldo Carvalho de Melo @ 2024-08-12 16:08 UTC (permalink / raw)
To: Namhyung Kim
Cc: Ian Rogers, Kan Liang, Jiri Olsa, Adrian Hunter, Peter Zijlstra,
Ingo Molnar, LKML, linux-perf-users
On Sat, Aug 10, 2024 at 12:15:02PM -0700, Namhyung Kim wrote:
> In get_member_overhead(), k is updated when it has a entry in the
> histogram. But the entry->hists array is allocated with the number of
> evsel in the group. So the k should be reset when it iterates the event
> using for_each_group_evsel(), otherwise it'd crash due to a buffer
> overflow.
>
> Fixes: cb1898f58e0f ("perf annotate-data: Support --skip-empty option")
Thanks, applied to perf-tools-next,
- Arnaldo
> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
> ---
> tools/perf/ui/browsers/annotate-data.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/tools/perf/ui/browsers/annotate-data.c b/tools/perf/ui/browsers/annotate-data.c
> index c3db80a7589a..a937b55da736 100644
> --- a/tools/perf/ui/browsers/annotate-data.c
> +++ b/tools/perf/ui/browsers/annotate-data.c
> @@ -46,11 +46,12 @@ static int get_member_overhead(struct annotated_data_type *adt,
> struct annotated_member *member = entry->data;
> int i, k;
>
> - for (i = 0, k = 0; i < member->size; i++) {
> + for (i = 0; i < member->size; i++) {
> struct type_hist *h;
> struct evsel *evsel;
> int offset = member->offset + i;
>
> + k = 0;
> for_each_group_evsel(evsel, leader) {
> if (symbol_conf.skip_empty &&
> evsel__hists(evsel)->stats.nr_samples == 0)
> --
> 2.46.0.76.ge559c4bf1a-goog
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-08-12 16:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <CA+JHD90ZChq4FFyrqVYE9RvK=K2sKoD6T5dyYknK=STST9_AEQ@mail.gmail.com>
2024-08-10 19:15 ` [PATCH] perf annotate-data: Fix a buffer overflow in TUI browser Namhyung Kim
2024-08-12 16:08 ` Arnaldo Carvalho de Melo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.