public inbox for linux-kernel@vger.kernel.org
From: tip-bot for Stephane Eranian <eranian@google.com>
To: linux-tip-commits@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, acme@redhat.com,
	eranian@google.com, hpa@zytor.com, mingo@redhat.com,
	a.p.zijlstra@chello.nl, tglx@linutronix.de, mingo@elte.hu
Subject: [tip:perf/urgent] perf record: Fix buffer overrun bug in tracepoint_id_to_path()
Date: Tue, 13 Mar 2012 09:17:42 -0700
Message-ID: <tip-8aa8a7c80ccdfac2df5ee48a51a4a7bee2143d4f@git.kernel.org>
In-Reply-To: <20120313155102.GA6465@quad>

Commit-ID:  8aa8a7c80ccdfac2df5ee48a51a4a7bee2143d4f
Gitweb:     http://git.kernel.org/tip/8aa8a7c80ccdfac2df5ee48a51a4a7bee2143d4f
Author:     Stephane Eranian <eranian@google.com>
AuthorDate: Tue, 13 Mar 2012 16:51:02 +0100
Committer:  Ingo Molnar <mingo@elte.hu>
CommitDate: Tue, 13 Mar 2012 17:01:28 +0100

perf record: Fix buffer overrun bug in tracepoint_id_to_path()

This patch fixes a buffer overrun bug in
tracepoint_id_to_path(). The bug manifested itself as a memory
error reported by perf record. I ran into it with perf sched:

 $ perf sched rec noploop 2 noploop for 2 seconds
 [ perf record: Woken up 14 times to write data ]
 [ perf record: Captured and wrote 42.701 MB perf.data (~1865622 samples) ]
 Fatal: No memory to alloc tracepoints list

It turned out that tracepoint_id_to_path() was reading the
tracepoint id using read() but the buffer was not large enough
to include the \n terminator for ids with 4 digits or more.

The patch fixes the problem by extending the buffer to a more
reasonable size covering all possible id lengths, including the \n
terminator. Note that atoll() stops at the first non-digit
character, thus it is not necessary to clear the buffer between
each read.

Signed-off-by: Stephane Eranian <eranian@google.com>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: fweisbec@gmail.com
Cc: dsahern@gmail.com
Link: http://lkml.kernel.org/r/20120313155102.GA6465@quad
Signed-off-by: Ingo Molnar <mingo@elte.hu>
---
 tools/perf/util/parse-events.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/tools/perf/util/parse-events.c b/tools/perf/util/parse-events.c
index b029296..c7a6f6f 100644
--- a/tools/perf/util/parse-events.c
+++ b/tools/perf/util/parse-events.c
@@ -165,7 +165,7 @@ struct tracepoint_path *tracepoint_id_to_path(u64 config)
 	struct tracepoint_path *path = NULL;
 	DIR *sys_dir, *evt_dir;
 	struct dirent *sys_next, *evt_next, sys_dirent, evt_dirent;
-	char id_buf[4];
+	char id_buf[24];
 	int fd;
 	u64 id;
 	char evt_path[MAXPATHLEN];
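
Review bot: The new size in `char id_buf[24];` is a bare magic number, and nothing in this hunk ties it to the length passed to read() or guarantees the buffer is NUL-terminated before atoll() parses it. A u64 id needs at most 20 decimal digits plus the '\n' and a terminating NUL, so 24 bytes is enough, but a short comment stating that would keep the next reader from shrinking it again. It would also be more robust to read at most sizeof(id_buf) - 1 bytes and write a NUL at the byte count read() returns, so that parsing does not depend on the '\n' supplied by the file or on whatever the uninitialised stack buffer holds after it.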
