Re: [PATCH 01/13] perf symbols: Fix bswap copy-paste error for 32-bit ELF p_filesz

[Ian Rogers]

On Fri, Jun 12, 2026 at 3:24 PM Arnaldo Carvalho de Melo
<acme@xxxxxxxxxx> wrote:
>
> From: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
>
> filename__read_build_id() byte-swaps 32-bit ELF program headers on
> cross-endian files, but line 178 passes p_offset to bswap_32() instead
> of p_filesz:
>
>   hdrs.phdr32[i].p_filesz = bswap_32(hdrs.phdr32[i].p_offset);
>
> This clobbers p_filesz with the already-swapped p_offset value.  The
> 64-bit path on line 182 is correct and swaps p_filesz from p_filesz.
>
> The consequence is that the PT_NOTE segment read uses the wrong size,
> which can cause either a short read (missing the build-id) or an
> oversized read (reading past the segment into adjacent data).
>
> Fix by swapping the correct field.
>
> Reported-by: sashiko-bot <sashiko-bot@xxxxxxxxxx>
> Fixes: fef8f648bb47726d ("perf symbol: Fix use-after-free in filename__read_build_id")
> Cc: Ian Rogers <irogers@xxxxxxxxxx>
> Assisted-by: Claude Opus 4.6 <noreply@xxxxxxxxxxxxx>
> Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>

Reviewed-by: Ian Rogers <irogers@xxxxxxxxxx>

Thanks,
Ian

> ---
>  tools/perf/util/symbol-minimal.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/symbol-minimal.c b/tools/perf/util/symbol-minimal.c
> index 091071d06416e290..f4b0a711a62cf3de 100644
> --- a/tools/perf/util/symbol-minimal.c
> +++ b/tools/perf/util/symbol-minimal.c
> @@ -175,7 +175,7 @@ int filename__read_build_id(const char *filename, struct build_id *bid)
>                         if (elf32) {
>                                 hdrs.phdr32[i].p_type = bswap_32(hdrs.phdr32[i].p_type);
>                                 hdrs.phdr32[i].p_offset = bswap_32(hdrs.phdr32[i].p_offset);
> -                               hdrs.phdr32[i].p_filesz = bswap_32(hdrs.phdr32[i].p_offset);
> +                               hdrs.phdr32[i].p_filesz = bswap_32(hdrs.phdr32[i].p_filesz);
>                         } else {
>                                 hdrs.phdr64[i].p_type = bswap_32(hdrs.phdr64[i].p_type);
>                                 hdrs.phdr64[i].p_offset = bswap_64(hdrs.phdr64[i].p_offset);
> --
> 2.54.0
>