[tip:perf/core] perf hists browser: Add NULL pointer check to prevent crash

All of lore.kernel.org
 help / color / mirror / Atom feed

From: tip-bot for Wang Nan <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: hpa@zytor.com, namhyung@kernel.org, linux-kernel@vger.kernel.org,
	mingo@kernel.org, acme@redhat.com, wangnan0@huawei.com,
	lizefan@huawei.com, tglx@linutronix.de
Subject: [tip:perf/core] perf hists browser: Add NULL pointer check to prevent crash
Date: Mon, 7 Dec 2015 21:13:18 -0800	[thread overview]
Message-ID: <tip-837eeb7569bf2b3bd3b1b82e0e61edb19811036e@git.kernel.org> (raw)
In-Reply-To: <1449455746-41952-3-git-send-email-wangnan0@huawei.com>

Commit-ID:  837eeb7569bf2b3bd3b1b82e0e61edb19811036e
Gitweb:     http://git.kernel.org/tip/837eeb7569bf2b3bd3b1b82e0e61edb19811036e
Author:     Wang Nan <wangnan0@huawei.com>
AuthorDate: Mon, 7 Dec 2015 02:35:45 +0000
Committer:  Arnaldo Carvalho de Melo <acme@redhat.com>
CommitDate: Mon, 7 Dec 2015 12:02:11 -0300

perf hists browser: Add NULL pointer check to prevent crash

Before this patch we can trigger a segfault by following steps:

 Step 0: Use 'perf record' to generate a perf.data without callchain

 Step 1: perf report

 Step 2: Use UP/DOWN to select an entry, don't press 'ENTER'

 Step 3: Use '/' to filter symbols, use a filter which returns
         empty result

 Step 4: Press 'ENTER' (notice here that the old selection is still
		        there. This is another problem)

 Step 5: Press 'ENTER' to annotate that symbol

 Step 6: Press 'LEFT' to go out.

 Result: segfault:

 perf: Segmentation fault
 -------- backtrace --------
 /home/wangnan/perf[0x53e568]
 /lib64/libc.so.6(+0x3545f)[0x7fba75d3245f]
 /home/wangnan/perf[0x537516]
 /home/wangnan/perf[0x533fef]
 /home/wangnan/perf[0x53b347]
 /home/wangnan/perf(perf_evlist__tui_browse_hists+0x96)[0x53d206]
 /home/wangnan/perf(cmd_report+0x1b9f)[0x442c7f]
 /home/wangnan/perf[0x47efa2]
 /home/wangnan/perf(main+0x5f5)[0x432fa5]
 /lib64/libc.so.6(__libc_start_main+0xf4)[0x7fba75d1ebd4]
 /home/wangnan/perf[0x4330d4]

This is because in this case 'nd' could be NULL in
ui_browser__hists_seek(), but that function never checks it.

This patch adds checker for potential NULL pointer in that function.
After this patch the above steps won't segfault.

Signed-off-by: Wang Nan <wangnan0@huawei.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Zefan Li <lizefan@huawei.com>
Cc: pi3orama@163.com
Link: http://lkml.kernel.org/r/1449455746-41952-3-git-send-email-wangnan0@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
 tools/perf/ui/browsers/hists.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/perf/ui/browsers/hists.c b/tools/perf/ui/browsers/hists.c
index fa9eb92..932e13d 100644
--- a/tools/perf/ui/browsers/hists.c
+++ b/tools/perf/ui/browsers/hists.c
@@ -1033,6 +1033,9 @@ static void ui_browser__hists_seek(struct ui_browser *browser,
 	 * and stop when we printed enough lines to fill the screen.
 	 */
 do_offset:
+	if (!nd)
+		return;
+
 	if (offset > 0) {
 		do {
 			h = rb_entry(nd, struct hist_entry, rb_node);

next prev parent reply	other threads:[~2015-12-08  5:13 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-07  2:35 [PATCH v3 0/3] perf hists browser: Avoid crash in some unusal operations Wang Nan
2015-12-07  2:35 ` [PATCH v3 1/3] perf hists browser: Fix segfault if use symbol filter in cmdline Wang Nan
2015-12-08  5:13   ` [tip:perf/core] " tip-bot for Wang Nan
2015-12-07  2:35 ` [PATCH v3 2/3] perf hists browser: Add NULL pointer check to prevent crash Wang Nan
2015-12-08  5:13   ` tip-bot for Wang Nan [this message]
2015-12-07  2:35 ` [PATCH v3 3/3] perf hists browser: Reset selection when refresh Wang Nan
2015-12-08  5:13   ` [tip:perf/core] " tip-bot for Wang Nan

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:fa9eb92 dfblob:932e13d )
 OR (
bs:"[tip:perf/core] perf hists browser: Add NULL pointer check to prevent crash" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=tip-837eeb7569bf2b3bd3b1b82e0e61edb19811036e@git.kernel.org \
    --to=tipbot@zytor.com \
    --cc=acme@redhat.com \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-tip-commits@vger.kernel.org \
    --cc=lizefan@huawei.com \
    --cc=mingo@kernel.org \
    --cc=namhyung@kernel.org \
    --cc=tglx@linutronix.de \
    --cc=wangnan0@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.