Re: [PATCH] perf parse-events: add defensive null check

From: Arnaldo Carvalho de Melo
Date: Wed Mar 25 2020 - 15:25:45 EST


On Wed, Mar 25, 2020 at 09:40:22AM -0700, Ian Rogers wrote:
> Terms may have a null config in which case a strcmp will segv. This can
> be reproduced with:
> perf stat -e '*/event=?,nr/' sleep 1
> Add a null check to avoid this. This was caught by LLVM's libfuzzer.

Adding the NULL check doesn't hurt, I guess, but I couldn't repro it:

[root@seventh ~]# perf stat -e '*/event=?,nr/' sleep 1
WARNING: multiple event parsing errors
event syntax error: '*/event=?,nr/'
\___ 'nr' is not usable in 'perf stat'

Initial error:
event syntax error: '*/event=?,nr/'
\___ Cannot find PMU `*'. Missing kernel support?
Run 'perf list' for a list of valid events

Usage: perf stat [<options>] [<command>]

-e, --event <event> event selector. use 'perf list' to list available events
[root@seventh ~]#

Does this take place only when libfuzzer is being used?

- Arnaldo

> Signed-off-by: Ian Rogers <irogers@xxxxxxxxxx>
> ---
> tools/perf/util/pmu.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/tools/perf/util/pmu.c b/tools/perf/util/pmu.c
> index 616fbda7c3fc..ef6a63f3d386 100644
> --- a/tools/perf/util/pmu.c
> +++ b/tools/perf/util/pmu.c
> @@ -984,12 +984,11 @@ static int pmu_resolve_param_term(struct parse_events_term *term,
> struct parse_events_term *t;
>
> list_for_each_entry(t, head_terms, list) {
> - if (t->type_val == PARSE_EVENTS__TERM_TYPE_NUM) {
> - if (!strcmp(t->config, term->config)) {
> - t->used = true;
> - *value = t->val.num;
> - return 0;
> - }
> + if (t->type_val == PARSE_EVENTS__TERM_TYPE_NUM &&
> + t->config && !strcmp(t->config, term->config)) {
> + t->used = true;
> + *value = t->val.num;
> + return 0;
> }
> }
>
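
Review bot: The new condition guards only t->config; term->config is passed to the same strcmp() unchecked, so a NULL there would still fault. If the caller of pmu_resolve_param_term() guarantees term->config is non-NULL, a one-line comment above the loop saying so would help; otherwise test it once before list_for_each_entry() and return early. It would also help for the commit message to say which kind of term ends up with a NULL config, since the reproducer in the description did not trigger the crash for the maintainer.
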
> --
> 2.25.1.696.g5e7596f4ac-goog
>

--

- Arnaldo