Re: [PATCH 09/11] perf hists: Fix snprintf() in hists__scnprintf_title() UID filter path
From: Ian Rogers
Date: Mon Jun 08 2026 - 18:07:11 EST
On Mon, Jun 8, 2026 at 1:18 PM Arnaldo Carvalho de Melo <acme@xxxxxxxxxx> wrote:
>
> From: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
>
> hists__scnprintf_title() accumulates formatted output into a buffer
> using scnprintf() for all filter clauses except the UID filter, which
> uses snprintf(). If the buffer fills up and snprintf() returns more
> than the remaining space, printed exceeds size and the next 'size -
> printed' underflows, causing later scnprintf() calls to write past
> the buffer.
>
> Switch the UID filter clause to scnprintf() to match the rest of the
> function.
>
> Fixes: 25c312dbf88ca402 ("perf hists: Move hists__scnprintf_title() away from the TUI code")
> Reported-by: sashiko-bot <sashiko-bot@xxxxxxxxxx>
> Cc: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
> Assisted-by: Claude Opus 4.6 <noreply@xxxxxxxxxxxxx>
> Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
Reviewed-by: Ian Rogers <irogers@xxxxxxxxxx>
Thanks,
Ian
> ---
> tools/perf/util/hist.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c
> index 811d68fa6770c5b7..df978c996b6c2262 100644
> --- a/tools/perf/util/hist.c
> +++ b/tools/perf/util/hist.c
> @@ -2963,9 +2963,10 @@ int __hists__scnprintf_title(struct hists *hists, char *bf, size_t size, bool sh
> ev_name, sample_freq_str, enable_ref ? ref : " ", nr_events);
>
>
> - if (hists->uid_filter_str)
> - printed += snprintf(bf + printed, size - printed,
> - ", UID: %s", hists->uid_filter_str);
> + if (hists->uid_filter_str) {
> + printed += scnprintf(bf + printed, size - printed,
> + ", UID: %s", hists->uid_filter_str);
> + }
> if (thread) {
> if (hists__has(hists, thread)) {
> printed += scnprintf(bf + printed, size - printed,
> --
> 2.54.0
>