From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932813AbcDSPs1 (ORCPT ); Tue, 19 Apr 2016 11:48:27 -0400 Received: from mail-am1on0103.outbound.protection.outlook.com ([157.56.112.103]:61503 "EHLO emea01-am1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932598AbcDSPsZ (ORCPT ); Tue, 19 Apr 2016 11:48:25 -0400 Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=virtuozzo.com; Subject: Re: [PATCH] perf buildid: fix off-by-one in write_buildid() To: Arnaldo Carvalho de Melo References: <1461053847-5633-1-git-send-email-aryabinin@virtuozzo.com> <20160419133841.GB3677@kernel.org> CC: Ingo Molnar , Peter Zijlstra , Alexander Shishkin , From: Andrey Ryabinin Message-ID: <5716535B.9020800@virtuozzo.com> Date: Tue, 19 Apr 2016 18:48:43 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.0 MIME-Version: 1.0 In-Reply-To: <20160419133841.GB3677@kernel.org> Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 7bit X-Originating-IP: [195.214.232.10] X-ClientProxiedBy: AM2PR09CA0007.eurprd09.prod.outlook.com (10.161.22.145) To HE1PR0801MB1305.eurprd08.prod.outlook.com (10.167.247.147) X-MS-Office365-Filtering-Correlation-Id: 3bc4ac34-b8a1-4664-6192-08d3686a0892 X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1305;2:w9PPLB7OYmaB0SC0sRgjVvu4ADAYTf81IHcCb5rRWBROBQfsUif9jDjevCfzZMHy421clJflIJCVizmqxIagcfKYtv8+UF8ycIShSD/eP3mxFK6/iFeflotI/BhPJ/UeTqjU6GE6YjwPjFIaxGPyjkbjOenQZq9oK0Ppo45PXVFisU1aHSCJRV6jm+32LfGv;3:Ic/aQElKNJMjizexMowPOW4sPne9cvTkI072MLBMMFwHIcJSz7i5X2usWonsp6TQqLekpFvXDutDyDc4lkCWn8OCOGSKdJasXitTYeRddIrRP+eXY6/mafzxZByez9GR X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:HE1PR0801MB1305; X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1305;25:x4+OZHdH6Z66dvmB+iju+LYLMl7eO081WM3ZoEmaRaAIXm8Qc44VSCtEyZkp6YiS35PqF1OV8nTTQXfzJ67fowMJvWO5UreTTktHtEi0nyhRLnvIozs9MEbyGudxzcSo9GCG+V3gaMo0DaC88JuQ3I+9nUQNxAhZ629HIO0dOEeNKvj3yRjljE3YXeBr9M5JYZuCmfdtUzuXH6/MBdXOyvr0xEthkeq78qWBQEnT+jWsUnl3qdlicnfTqtgMDtfG7zJDTXwH5u9YsmlO64EMR7k1WRxVEdYfI7osDA/zA82eCeR/Jyo7iLMXCuwCJZNra0Qv9k5ggxMjEFM+efte0RyveU3+MqFMgKrtzq+0BGZFTkggUKHmQYt+OzmRKot3Z6UpYkeX3Kd7+dmALCHTbBWyxIVn9irNj7Tn9oxEPlT4i56N9tSgtm8LzHJ05CmTOX/iuw6QUzDZtr0WcYEnUJJ4f0OIWVSEDf+wqLs6aN9u3Gv5CX7YiflOjky2sO2/IcsyJ/fj6+IP5DHLsuhQb36i5WN0cGG0goef+zKLa354V2RmITB3U5TZOJZGYBk+XS6RgT8ZQQhcaQFPaxUHbhTO9Pc/Vh08kwvO9oDzIR0eqcX40Q39YhGcPigkvnuCkbtoF9mFpcpgFTLUlOExp8PONU1BhWcqcVlQW+vdA1c= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(9101521026)(6040130)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6041046)(6043046);SRVR:HE1PR0801MB1305;BCL:0;PCL:0;RULEID:;SRVR:HE1PR0801MB1305; X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1305;4:kTdQjz3BH0PL2y13Da7LMhPVW3B8XeJSwIo/HbB7iHz71lsZcwZz9A0I7yMURqu+ztcgNgOI8eUjCMDXmHjgXw9/kFTuErVj6b4vEw1/fBMPyrWWeoICGL6DArp0TSogFG+umLz6Sj/0LvYTQirKhLS3cfT6QQiRsR8RCKcoaROXGsaKzwNdv5asj9tgZpT2NtKSexSOf9FmPM3jffdOqWhTZ5Btu1Ij6C2GuPfIS1Y8wjBs9zc+voiLBH7bRU0N1dwoCpNClNtLFxC5sdOtw3BxyH0DMpRBrYE51B2dvsZhgEnWfwhucZOC/QCPkzdeHixXjgX1ZE2LeutL1YET/NYbvfuOT98DqU1+J3kBwip/w7chwx8PdYIQFd7ZlKMuPeMN7F4Cw/m18qpSgf78uiUXuWal3cNL7zs/qR+M65AYOgYMx+UeVrwBovDmjldTSGn92RZP9WYupv2rWDjEug== X-Forefront-PRVS: 0917DFAC67 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6009001)(6049001)(377454003)(24454002)(47776003)(77096005)(92566002)(86362001)(5008740100001)(65806001)(2950100001)(65956001)(110136002)(4001350100001)(23746002)(230783001)(66066001)(189998001)(59896002)(586003)(6116002)(42186005)(36756003)(33656002)(54356999)(87266999)(65816999)(50986999)(76176999)(1096002)(50466002)(64126003)(4326007)(2906002)(81166005)(230700001)(83506001)(5004730100002)(80316001);DIR:OUT;SFP:1102;SCL:1;SRVR:HE1PR0801MB1305;H:[10.30.25.228];FPR:;SPF:None;MLV:sfv;LANG:en; X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1;HE1PR0801MB1305;23:EHgOPsaPWw85WdjlmilnbDcGmrnrUatrAhn?= =?Windows-1252?Q?rIgbv2vZFxqqL728Os2NANld6wykRyVxojQjn1a5eWa8s0j44GgnbHN3?= =?Windows-1252?Q?LqeSnmxK9/f1Q1tq/kMqW/vnUtvCo85iLPT9r+LdoeWSvYSGZdrUrZup?= =?Windows-1252?Q?MPXiaBTXpHMa8iNTyL+4hk+dCrhM3Cdhe1iI2YxlQwlxK5ehlGPR3AFG?= =?Windows-1252?Q?Ly3wL/ljHvgf+/WtulVmvtjQqazMDp9r/KtxVUG+6G5PbQ/hZPopeLPJ?= =?Windows-1252?Q?hMWhYF9Y0plK4mPdx7LX7OcXCWygKEslQYS9uqtzjT+hb8uq5S++da+G?= =?Windows-1252?Q?GY5P/TxAv9ti2ca8TtSwznTlimiYsUy8zWg05GqtKcauevmXSmcMetq8?= =?Windows-1252?Q?OZvQrFKRt4g9fa04JfGReog2pf3XQnnPF00qeHyX4TYov5ApbwxxWrJx?= =?Windows-1252?Q?ej/q5TV9P/nrD6ZZbO+gXLj9JMhAbBiYbm+6URZWwNAEEisMcVP6T3iw?= =?Windows-1252?Q?ACFDulj8fJZXjeIjcdDO+G/buiMKDCCARSXORpxuiqF3JNOOchkx1Wjr?= =?Windows-1252?Q?uDf1eBe35LH9lNJAZVwNamWMfX0G+aepWQ6u8uRG5LEnZOj0ShLZdFJ9?= =?Windows-1252?Q?F6ljP8RpEzNTHBFfz+46LiYk72srwnqNtJVljdbF+2bAnip3f56QN9Ac?= =?Windows-1252?Q?asLnq7Bl/7MNYL66s0KbBBwopRk4QTSEeefcnEejOJxpwpgMs/lwVRpU?= =?Windows-1252?Q?lV93+g6aGNqAupdPaZq1K9d3LQH8BKJXwElonyYqzL62H8EitKpbeJmv?= =?Windows-1252?Q?9cCpiqarddZdOylidRvhjavWMdRng6U7y6fS/rZfGPIo5GUw9yAmKBEm?= =?Windows-1252?Q?C9w0pnf9K/EqC1vHKBVxynWgeDG/YPMuN31eL5bSgUXD7W3OS4zIhyVA?= =?Windows-1252?Q?m8LwgkoA86ExrOu3XWYeCYbsUqy8+3r2OzKA3beR84TEKzN5pMOTbyKC?= =?Windows-1252?Q?BHUxqLIRzrZ8Vffs5ckyhnTs23mlrVDC1+hI+AtsljLGGiU4P2FMVwlL?= =?Windows-1252?Q?1/jhzzJ2250yRVv7EMZfgrxFIZ1YYDNa1P/AWG08vMjUkD8infyGPqFo?= =?Windows-1252?Q?p72iKFB4aZbIys3J0hQ9UXiQ=3D?= X-Microsoft-Exchange-Diagnostics: 1;HE1PR0801MB1305;5:1ZLIjjjIYiquAx/BgGuRa5AqhZL8hVG2Gq6c3S3xetjmkzuGwNAoEGNe8EioECJhjRcOuQtccaBJrCv0nA8DG9TgH5xc5XgYFSQ+b74SlH64v8J6MB8vjb14bcVGcZjXrR8AhxI4ac6vIo/tgM1SKgOVeFVH8GRfMa4bVSfHN9S6Vxf6JU90X+A9oJcEsXF7;24:sWlDNdlXKMU2dSHMrSOa/HgskP0x2LlqMtuGMVb9GEmDRxBe1cNjw76l3EplDWqJbcRB9tlCR2oVPOTSfATUpTDM3RjJ4jE0RJZL+ZmgVQg=;7:zatQUBiwcDwGqtAcRNeSty5kV7erLGEBnUPgqDEYgdkR3YNPVwMIBNOhddE5fMwhmI9lvoDssjRMUviWrqaipQ+ffoC7e9udEEiYGW3VPp0qvNkzax6AMhrdchynw0j6V0Z9PIjphKSdW2uq4+WWgYIBmAiiDdIWYs5Gyk1aIFm1zD5+tCG5xPUego+LGwuv0Zy4pUrqQMRycOTSkfDAmzX7U2B6IshgcjhFnDG14sA=;20:WRaxY8TQpHZ6WFC8owhwmBlKKzuPz2oI0gWb2n+U+lt64J8XlgLQ+U7EatzzsObEU3d6vR3RpneglkNyOoFdzN2S1l0ta43naqzYutJPfhwn3+ncC5v61p9JTEhiZ8+2Ai6iJxN9FJgiiQ9nwFv82SjeBKgT8qD7/YN56zYbbUU= SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Apr 2016 15:48:20.2286 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0801MB1305 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 04/19/2016 04:38 PM, Arnaldo Carvalho de Melo wrote: > Em Tue, Apr 19, 2016 at 11:17:27AM +0300, Andrey Ryabinin escreveu: >> write_buildid() increments 'name_len' with intention to take into account >> trailing zero byte. However, 'name_len' was already incremented in >> machine__write_buildid_table() before. >> So this leads to out-of-bounds read in do_write(): > > Could we keep the assumptions that for a string 's' the length is > strlen(s) and that when we want to write a string _with_ its trailing > '\0' we should use strlen(s) + 1? > > I.e. I propose this patch instead, ok? > Yup, looks good. Thanks. > diff --git a/tools/perf/util/build-id.c b/tools/perf/util/build-id.c > index 0573c2ec861d..b6ecf87bc3e3 100644 > --- a/tools/perf/util/build-id.c > +++ b/tools/perf/util/build-id.c > @@ -261,14 +261,14 @@ static int machine__write_buildid_table(struct machine *machine, int fd) > > if (dso__is_vdso(pos)) { > name = pos->short_name; > - name_len = pos->short_name_len + 1; > + name_len = pos->short_name_len; > } else if (dso__is_kcore(pos)) { > machine__mmap_name(machine, nm, sizeof(nm)); > name = nm; > - name_len = strlen(nm) + 1; > + name_len = strlen(nm); > } else { > name = pos->long_name; > - name_len = pos->long_name_len + 1; > + name_len = pos->long_name_len; > } > > in_kernel = pos->kernel || >