Re: [PATCH v1] perf symbol-minimal: Be more defensive when reading build IDs

From: Arnaldo Carvalho de Melo
Date: Thu Oct 02 2025 - 14:02:59 EST

Next message: James Morse: "Re: [PATCH v2 17/29] arm_mpam: Extend reset logic to allow devices to be reset any time"
Previous message: Eliav Farber: "[PATCH v3 03/11 6.1.y] minmax: improve macro expansion and type checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Sep 14, 2025 at 11:31:31AM -0700, Ian Rogers wrote:
> The note_data at ptr is read as a nhdr but this may yield
> out-of-bounds reads if there isn't nhdrs worth of data. Be more
> defensive before doing the reads. This is motivated by address
> sanitizer capturing out of bounds reads running "perf top".

Thanks, applied to perf-tools-next,

- Arnaldo

> Signed-off-by: Ian Rogers <irogers@xxxxxxxxxx>
> ---
> tools/perf/util/symbol-minimal.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/symbol-minimal.c b/tools/perf/util/symbol-minimal.c
> index 41e4ebe5eac5..aeb253248895 100644
> --- a/tools/perf/util/symbol-minimal.c
> +++ b/tools/perf/util/symbol-minimal.c
> @@ -42,7 +42,7 @@ static int read_build_id(void *note_data, size_t note_len, struct build_id *bid,
> void *ptr;
>
> ptr = note_data;
> - while (ptr < (note_data + note_len)) {
> + while ((ptr + sizeof(*nhdr)) < (note_data + note_len)) {
> const char *name;
> size_t namesz, descsz;
>
> --
> 2.51.0.384.g4c02a37b29-goog

Next message: James Morse: "Re: [PATCH v2 17/29] arm_mpam: Extend reset logic to allow devices to be reset any time"
Previous message: Eliav Farber: "[PATCH v3 03/11 6.1.y] minmax: improve macro expansion and type checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]