[PATCH] perf annotate: Fix memcpy size in arch__grow

public inbox for linux-perf-users@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] perf annotate: Fix memcpy size in arch__grow_instructions
@ 2026-01-22 17:17 Suchit Karunakaran
  2026-01-22 18:27 ` Ian Rogers
  0 siblings, 1 reply; 3+ messages in thread
From: Suchit Karunakaran @ 2026-01-22 17:17 UTC (permalink / raw)
  To: acme, mingo, namhyung, peterz
  Cc: adrian.hunter, alexander.shishkin, irogers, james.clark, jolsa,
	mark.rutland, linux-perf-users, linux-kernel, Suchit Karunakaran

The memcpy in arch__grow_instructions() is copying the wrong number of
bytes when growing from a non-allocated table. It should copy
arch->nr_instructions * sizeof(struct ins) bytes, not just
arch->nr_instructions bytes.

This bug causes data corruption as only a partial copy of the
instruction table is made, leading to garbage data in most entries and
potential crashes

Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
---
 tools/perf/util/disasm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/disasm.c b/tools/perf/util/disasm.c
index 50b9433f3f8e..6faa9df8e373 100644
--- a/tools/perf/util/disasm.c
+++ b/tools/perf/util/disasm.c
@@ -81,7 +81,7 @@ static int arch__grow_instructions(struct arch *arch)
 	if (new_instructions == NULL)
 		return -1;
 
-	memcpy(new_instructions, arch->instructions, arch->nr_instructions);
+	memcpy(new_instructions, arch->instructions, arch->nr_instructions * sizeof(struct ins));
 	goto out_update_instructions;
 }
 
-- 
2.52.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] perf annotate: Fix memcpy size in arch__grow_instructions
  2026-01-22 17:17 [PATCH] perf annotate: Fix memcpy size in arch__grow_instructions Suchit Karunakaran
@ 2026-01-22 18:27 ` Ian Rogers
  2026-01-23 17:26   ` Arnaldo Carvalho de Melo
  0 siblings, 1 reply; 3+ messages in thread
From: Ian Rogers @ 2026-01-22 18:27 UTC (permalink / raw)
  To: Suchit Karunakaran
  Cc: acme, mingo, namhyung, peterz, adrian.hunter, alexander.shishkin,
	james.clark, jolsa, mark.rutland, linux-perf-users, linux-kernel

On Thu, Jan 22, 2026 at 9:17 AM Suchit Karunakaran
<suchitkarunakaran@gmail.com> wrote:
>
> The memcpy in arch__grow_instructions() is copying the wrong number of
> bytes when growing from a non-allocated table. It should copy
> arch->nr_instructions * sizeof(struct ins) bytes, not just
> arch->nr_instructions bytes.
>
> This bug causes data corruption as only a partial copy of the
> instruction table is made, leading to garbage data in most entries and
> potential crashes
>
> Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
> ---
>  tools/perf/util/disasm.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/disasm.c b/tools/perf/util/disasm.c
> index 50b9433f3f8e..6faa9df8e373 100644
> --- a/tools/perf/util/disasm.c
> +++ b/tools/perf/util/disasm.c
> @@ -81,7 +81,7 @@ static int arch__grow_instructions(struct arch *arch)
>         if (new_instructions == NULL)
>                 return -1;
>
> -       memcpy(new_instructions, arch->instructions, arch->nr_instructions);
> +       memcpy(new_instructions, arch->instructions, arch->nr_instructions * sizeof(struct ins));

Reviewed-by: Ian Rogers <irogers@google.com>

Nice catch! I think we've been trying to make code like this more like:
memcpy(new_instructions, arch->instructions, arch->nr_instructions *
sizeof(*new_instructions));
but the immediately preceding calloc isn't doing this, so your patch
is consistent. There is also a clean up in this code to switch to
using reallocarray rather than realloc.

Thanks,
Ian

>         goto out_update_instructions;
>  }
>
> --
> 2.52.0
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] perf annotate: Fix memcpy size in arch__grow_instructions
  2026-01-22 18:27 ` Ian Rogers
@ 2026-01-23 17:26   ` Arnaldo Carvalho de Melo
  0 siblings, 0 replies; 3+ messages in thread
From: Arnaldo Carvalho de Melo @ 2026-01-23 17:26 UTC (permalink / raw)
  To: Ian Rogers
  Cc: Suchit Karunakaran, mingo, namhyung, peterz, adrian.hunter,
	alexander.shishkin, james.clark, jolsa, mark.rutland,
	linux-perf-users, linux-kernel

On Thu, Jan 22, 2026 at 10:27:27AM -0800, Ian Rogers wrote:
> On Thu, Jan 22, 2026 at 9:17 AM Suchit Karunakaran <suchitkarunakaran@gmail.com> wrote:

> > The memcpy in arch__grow_instructions() is copying the wrong number of
> > bytes when growing from a non-allocated table. It should copy
> > arch->nr_instructions * sizeof(struct ins) bytes, not just
> > arch->nr_instructions bytes.

> > This bug causes data corruption as only a partial copy of the
> > instruction table is made, leading to garbage data in most entries and
> > potential crashes

> > Signed-off-by: Suchit Karunakaran <suchitkarunakaran@gmail.com>
> > ---
> >  tools/perf/util/disasm.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)

> > diff --git a/tools/perf/util/disasm.c b/tools/perf/util/disasm.c
> > index 50b9433f3f8e..6faa9df8e373 100644
> > --- a/tools/perf/util/disasm.c
> > +++ b/tools/perf/util/disasm.c
> > @@ -81,7 +81,7 @@ static int arch__grow_instructions(struct arch *arch)
> >         if (new_instructions == NULL)
> >                 return -1;

> > -       memcpy(new_instructions, arch->instructions, arch->nr_instructions);
> > +       memcpy(new_instructions, arch->instructions, arch->nr_instructions * sizeof(struct ins));

> Reviewed-by: Ian Rogers <irogers@google.com>

> Nice catch! I think we've been trying to make code like this more like:
> memcpy(new_instructions, arch->instructions, arch->nr_instructions *
> sizeof(*new_instructions));
> but the immediately preceding calloc isn't doing this, so your patch
> is consistent. There is also a clean up in this code to switch to
> using reallocarray rather than realloc.

Right, that would be better, but the fix is good as is and we can
cleanup it later.

I added the missing:

Fixes: 2a1ff812c40be982 ("perf annotate: Introduce alternative method of keeping instructions table")

Its an old bug I introduced almost 10 years ago ;-\

- Arnaldo

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-01-23 17:26 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-22 17:17 [PATCH] perf annotate: Fix memcpy size in arch__grow_instructions Suchit Karunakaran
2026-01-22 18:27 ` Ian Rogers
2026-01-23 17:26   ` Arnaldo Carvalho de Melo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox