Re: [PATCH 01/11] perf tools: Fix get_max_num() size_t underflow on empty sysfs file
From: Ian Rogers
Date: Mon Jun 08 2026 - 17:40:19 EST
On Mon, Jun 8, 2026 at 1:18 PM Arnaldo Carvalho de Melo <acme@xxxxxxxxxx> wrote:
>
> From: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
>
> get_max_num() reads a sysfs file (cpu/possible, cpu/present, or
> node/possible) and scans backward from the end to find the last
> number. If the file is empty, filename__read_str() returns num == 0.
> The loop `while (--num)` decrements the size_t from 0 to SIZE_MAX,
> reading backward across the heap until a comma or hyphen is found
> or unmapped memory is hit.
>
> Add an early return for empty files before the backward scan.
>
> Fixes: 7780c25bae59fd04 ("perf tools: Allow ability to map cpus to nodes easily")
> Reported-by: sashiko-bot <sashiko-bot@xxxxxxxxxx>
> Cc: Don Zickus <dzickus@xxxxxxxxxx>
> Cc: Ian Rogers <irogers@xxxxxxxxxx>
> Assisted-by: Claude Opus 4.6 <noreply@xxxxxxxxxxxxx>
> Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
Reviewed-by: Ian Rogers <irogers@xxxxxxxxxx>
Thanks,
Ian
> ---
> tools/perf/util/cpumap.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/tools/perf/util/cpumap.c b/tools/perf/util/cpumap.c
> index 21fa781b03cc7409..1fab00ec4a59a0c7 100644
> --- a/tools/perf/util/cpumap.c
> +++ b/tools/perf/util/cpumap.c
> @@ -448,6 +448,12 @@ static int get_max_num(char *path, int *max)
>
> buf[num] = '\0';
>
> + /* empty file — nothing to parse */
> + if (num == 0) {
> + err = -1;
> + goto out;
> + }
> +
> /* start on the right, to find highest node num */
> while (--num) {
> if ((buf[num] == ',') || (buf[num] == '-')) {
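Review bot: in the new `if (num == 0)` branch, `err = -1` is a bare value that gives the caller no way to tell an empty sysfs file from any other failure, and it reads as -EPERM if the return is ever treated as an errno. Consider `err = -ENODATA` (or `-EINVAL`) there, unless the rest of get_max_num() already reports parse failures as -1, in which case matching it is fine. The comment above the check also contains a non-ASCII dash; an ASCII form such as "empty file, nothing to parse" avoids encoding surprises in the source.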
> --
> 2.54.0
>
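The underflow described in the commit message, as an added example (not code from the patch or from perf). `first_scan_index()` and `last_num_in_list()` are hypothetical names, the sample strings are constructed, the buffer is assumed to be NUL-terminated at `buf[num]`, and `strtol()` is this example's own choice of parser.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* First index an unguarded `while (--num)` would test for a given length. */
size_t first_scan_index(size_t num)
{
	return num - 1;		/* size_t wraps: 0 - 1 == SIZE_MAX */
}

/*
 * Hypothetical stand-in for the scan the commit message describes.
 * buf holds num bytes such as "0-3,8-15\n" and buf[num] == '\0' (assumed).
 * Stores the last number in *max; returns 0, or -1 on empty/unparsable input.
 */
int last_num_in_list(const char *buf, size_t num, int *max)
{
	const char *start = buf;
	char *end;
	long val;
	if (num == 0)		/* guard: never pre-decrement a zero length */
		return -1;
	while (--num) {		/* right to left; index 0 is never tested */
		if (buf[num] == ',' || buf[num] == '-') {
			start = buf + num + 1;
			break;
		}
	}
	val = strtol(start, &end, 10);	/* parser choice of this example */
	if (end == start || val < 0 || val > INT_MAX)
		return -1;
	*max = (int)val;
	return 0;
}

int main(void)
{
	/* Constructed inputs: a range list, a single CPU, newline only, empty. */
	const char *samples[] = { "0-3,8-15\n", "0\n", "\n", "" };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int max = -1;
		int err = last_num_in_list(samples[i], strlen(samples[i]), &max);
		printf("len=%zu err=%d max=%d\n", strlen(samples[i]), err, max);
	}
	return 0;
}
```

A newline-only file has length 1, so it passes the length guard and is rejected only because the parse step finds no digits.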