* [PATCH] perf annotate: fix heap overflow
@ 2019-10-26 3:56 Ian Rogers
2019-10-28 19:29 ` Jiri Olsa
2019-11-12 11:17 ` [tip: perf/core] perf annotate: Fix " tip-bot2 for Ian Rogers
0 siblings, 2 replies; 4+ messages in thread
From: Ian Rogers @ 2019-10-26 3:56 UTC (permalink / raw
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
Mark Rutland, Alexander Shishkin, Jiri Olsa, Namhyung Kim,
Jin Yao, Song Liu, linux-kernel
Cc: Stephane Eranian, Ian Rogers
Fix expand_tabs that copies the source lines '\0' and then appends
another '\0' at a potentially out of bounds address.
Signed-off-by: Ian Rogers <irogers@google.com>
---
tools/perf/util/annotate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index ef1866a902c4..bee0fee122f8 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -1892,7 +1892,7 @@ static char *expand_tabs(char *line, char **storage, size_t *storage_len)
}
/* Expand the last region. */
- len = line_len + 1 - src;
+ len = line_len - src;
memcpy(&new_line[dst], &line[src], len);
dst += len;
new_line[dst] = '\0';
--
2.24.0.rc0.303.g954a862665-goog
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] perf annotate: fix heap overflow
2019-10-26 3:56 [PATCH] perf annotate: fix heap overflow Ian Rogers
@ 2019-10-28 19:29 ` Jiri Olsa
2019-11-06 19:01 ` Arnaldo Carvalho de Melo
2019-11-12 11:17 ` [tip: perf/core] perf annotate: Fix " tip-bot2 for Ian Rogers
1 sibling, 1 reply; 4+ messages in thread
From: Jiri Olsa @ 2019-10-28 19:29 UTC (permalink / raw
To: Ian Rogers
Cc: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
Mark Rutland, Alexander Shishkin, Namhyung Kim, Jin Yao, Song Liu,
linux-kernel, Stephane Eranian
On Fri, Oct 25, 2019 at 08:56:44PM -0700, Ian Rogers wrote:
> Fix expand_tabs that copies the source lines '\0' and then appends
> another '\0' at a potentially out of bounds address.
not sure it could get out of bounds, but i think
the change is right, it matches the memcpy before
and I dont see reason to add +1
Acked-by: Jiri Olsa <jolsa@kernel.org>
thanks,
jirka
>
> Signed-off-by: Ian Rogers <irogers@google.com>
> ---
> tools/perf/util/annotate.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
> index ef1866a902c4..bee0fee122f8 100644
> --- a/tools/perf/util/annotate.c
> +++ b/tools/perf/util/annotate.c
> @@ -1892,7 +1892,7 @@ static char *expand_tabs(char *line, char **storage, size_t *storage_len)
> }
>
> /* Expand the last region. */
> - len = line_len + 1 - src;
> + len = line_len - src;
> memcpy(&new_line[dst], &line[src], len);
> dst += len;
> new_line[dst] = '\0';
> --
> 2.24.0.rc0.303.g954a862665-goog
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] perf annotate: fix heap overflow
2019-10-28 19:29 ` Jiri Olsa
@ 2019-11-06 19:01 ` Arnaldo Carvalho de Melo
0 siblings, 0 replies; 4+ messages in thread
From: Arnaldo Carvalho de Melo @ 2019-11-06 19:01 UTC (permalink / raw
To: Jiri Olsa
Cc: Ian Rogers, Peter Zijlstra, Ingo Molnar, Mark Rutland,
Alexander Shishkin, Namhyung Kim, Jin Yao, Song Liu, linux-kernel,
Stephane Eranian
Em Mon, Oct 28, 2019 at 08:29:08PM +0100, Jiri Olsa escreveu:
> On Fri, Oct 25, 2019 at 08:56:44PM -0700, Ian Rogers wrote:
> > Fix expand_tabs that copies the source lines '\0' and then appends
> > another '\0' at a potentially out of bounds address.
>
> not sure it could get out of bounds, but i think
> the change is right, it matches the memcpy before
> and I dont see reason to add +1
>
> Acked-by: Jiri Olsa <jolsa@kernel.org>
Thanks, applied,
- Arnaldo
^ permalink raw reply [flat|nested] 4+ messages in thread
* [tip: perf/core] perf annotate: Fix heap overflow
2019-10-26 3:56 [PATCH] perf annotate: fix heap overflow Ian Rogers
2019-10-28 19:29 ` Jiri Olsa
@ 2019-11-12 11:17 ` tip-bot2 for Ian Rogers
1 sibling, 0 replies; 4+ messages in thread
From: tip-bot2 for Ian Rogers @ 2019-11-12 11:17 UTC (permalink / raw
To: linux-tip-commits
Cc: Ian Rogers, Jiri Olsa, Alexander Shishkin, Jin Yao, Mark Rutland,
Namhyung Kim, Peter Zijlstra, Song Liu, Stephane Eranian,
Arnaldo Carvalho de Melo, Ingo Molnar, Borislav Petkov,
linux-kernel
The following commit has been merged into the perf/core branch of tip:
Commit-ID: 5c65b1c0842f9daddc6aec4bdb4b5d898006be19
Gitweb: https://git.kernel.org/tip/5c65b1c0842f9daddc6aec4bdb4b5d898006be19
Author: Ian Rogers <irogers@google.com>
AuthorDate: Fri, 25 Oct 2019 20:56:44 -07:00
Committer: Arnaldo Carvalho de Melo <acme@redhat.com>
CommitterDate: Thu, 07 Nov 2019 08:30:18 -03:00
perf annotate: Fix heap overflow
Fix expand_tabs that copies the source lines '\0' and then appends
another '\0' at a potentially out of bounds address.
Signed-off-by: Ian Rogers <irogers@google.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jin Yao <yao.jin@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <songliubraving@fb.com>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lore.kernel.org/lkml/20191026035644.217548-1-irogers@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/util/annotate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index ef1866a..bee0fee 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -1892,7 +1892,7 @@ static char *expand_tabs(char *line, char **storage, size_t *storage_len)
}
/* Expand the last region. */
- len = line_len + 1 - src;
+ len = line_len - src;
memcpy(&new_line[dst], &line[src], len);
dst += len;
new_line[dst] = '\0';
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-11-12 11:21 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-10-26 3:56 [PATCH] perf annotate: fix heap overflow Ian Rogers
2019-10-28 19:29 ` Jiri Olsa
2019-11-06 19:01 ` Arnaldo Carvalho de Melo
2019-11-12 11:17 ` [tip: perf/core] perf annotate: Fix " tip-bot2 for Ian Rogers
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.