Re: [PATCH v3] perf header: Validate build_id filename length to prevent buffer overflow

Next message: Google: "Re: [PATCH] kernel/trace: fixed static warnings"
Previous message: Edgecombe, Rick P: "Re: [PATCH 07/17] KVM: x86/tdp_mmu: Centralize updates to present external PTEs"
In reply to: SeungJu Cheon: "[PATCH v3] perf header: Validate build_id filename length to prevent buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Namhyung Kim

Date: Fri Apr 03 2026 - 20:18:14 EST

On Fri, 03 Apr 2026 01:04:10 +0900, SeungJu Cheon wrote:
> The build_id parsing functions calculate a filename length from the
> event header size and read directly into a stack buffer of PATH_MAX
> bytes without bounds checking. A malformed perf.data file with a
> crafted header.size can cause the length to be negative or exceed
> PATH_MAX, resulting in a stack buffer overflow.
>
> Add bounds checking for the filename length in both
> perf_header__read_build_ids() and the ABI quirk variant. Print a
> warning message when invalid length is detected.
>
> [...]
Applied to perf-tools-next, thanks!

Best regards,
Namhyung