All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] perf annotate: fix heap overflow
@ 2019-10-26  3:56 Ian Rogers
  2019-10-28 19:29 ` Jiri Olsa
  2019-11-12 11:17 ` [tip: perf/core] perf annotate: Fix " tip-bot2 for Ian Rogers
  0 siblings, 2 replies; 4+ messages in thread
From: Ian Rogers @ 2019-10-26  3:56 UTC (permalink / raw)
  To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
	Mark Rutland, Alexander Shishkin, Jiri Olsa, Namhyung Kim,
	Jin Yao, Song Liu, linux-kernel
  Cc: Stephane Eranian, Ian Rogers

Fix expand_tabs that copies the source lines '\0' and then appends
another '\0' at a potentially out of bounds address.

Signed-off-by: Ian Rogers <irogers@google.com>
---
 tools/perf/util/annotate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index ef1866a902c4..bee0fee122f8 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -1892,7 +1892,7 @@ static char *expand_tabs(char *line, char **storage, size_t *storage_len)
 	}
 
 	/* Expand the last region. */
-	len = line_len + 1 - src;
+	len = line_len - src;
 	memcpy(&new_line[dst], &line[src], len);
 	dst += len;
 	new_line[dst] = '\0';
-- 
2.24.0.rc0.303.g954a862665-goog


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] perf annotate: fix heap overflow
  2019-10-26  3:56 [PATCH] perf annotate: fix heap overflow Ian Rogers
@ 2019-10-28 19:29 ` Jiri Olsa
  2019-11-06 19:01   ` Arnaldo Carvalho de Melo
  2019-11-12 11:17 ` [tip: perf/core] perf annotate: Fix " tip-bot2 for Ian Rogers
  1 sibling, 1 reply; 4+ messages in thread
From: Jiri Olsa @ 2019-10-28 19:29 UTC (permalink / raw)
  To: Ian Rogers
  Cc: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo,
	Mark Rutland, Alexander Shishkin, Namhyung Kim, Jin Yao,
	Song Liu, linux-kernel, Stephane Eranian

On Fri, Oct 25, 2019 at 08:56:44PM -0700, Ian Rogers wrote:
> Fix expand_tabs that copies the source lines '\0' and then appends
> another '\0' at a potentially out of bounds address.

not sure it could get out of bounds, but i think
the change is right, it matches the memcpy before
and I dont see reason to add +1

Acked-by: Jiri Olsa <jolsa@kernel.org>

thanks,
jirka


> 
> Signed-off-by: Ian Rogers <irogers@google.com>
> ---
>  tools/perf/util/annotate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
> index ef1866a902c4..bee0fee122f8 100644
> --- a/tools/perf/util/annotate.c
> +++ b/tools/perf/util/annotate.c
> @@ -1892,7 +1892,7 @@ static char *expand_tabs(char *line, char **storage, size_t *storage_len)
>  	}
>  
>  	/* Expand the last region. */
> -	len = line_len + 1 - src;
> +	len = line_len - src;
>  	memcpy(&new_line[dst], &line[src], len);
>  	dst += len;
>  	new_line[dst] = '\0';
> -- 
> 2.24.0.rc0.303.g954a862665-goog
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] perf annotate: fix heap overflow
  2019-10-28 19:29 ` Jiri Olsa
@ 2019-11-06 19:01   ` Arnaldo Carvalho de Melo
  0 siblings, 0 replies; 4+ messages in thread
From: Arnaldo Carvalho de Melo @ 2019-11-06 19:01 UTC (permalink / raw)
  To: Jiri Olsa
  Cc: Ian Rogers, Peter Zijlstra, Ingo Molnar, Mark Rutland,
	Alexander Shishkin, Namhyung Kim, Jin Yao, Song Liu,
	linux-kernel, Stephane Eranian

Em Mon, Oct 28, 2019 at 08:29:08PM +0100, Jiri Olsa escreveu:
> On Fri, Oct 25, 2019 at 08:56:44PM -0700, Ian Rogers wrote:
> > Fix expand_tabs that copies the source lines '\0' and then appends
> > another '\0' at a potentially out of bounds address.
> 
> not sure it could get out of bounds, but i think
> the change is right, it matches the memcpy before
> and I dont see reason to add +1
> 
> Acked-by: Jiri Olsa <jolsa@kernel.org>


Thanks, applied,

- Arnaldo

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [tip: perf/core] perf annotate: Fix heap overflow
  2019-10-26  3:56 [PATCH] perf annotate: fix heap overflow Ian Rogers
  2019-10-28 19:29 ` Jiri Olsa
@ 2019-11-12 11:17 ` tip-bot2 for Ian Rogers
  1 sibling, 0 replies; 4+ messages in thread
From: tip-bot2 for Ian Rogers @ 2019-11-12 11:17 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: Ian Rogers, Jiri Olsa, Alexander Shishkin, Jin Yao, Mark Rutland,
	Namhyung Kim, Peter Zijlstra, Song Liu, Stephane Eranian,
	Arnaldo Carvalho de Melo, Ingo Molnar, Borislav Petkov,
	linux-kernel

The following commit has been merged into the perf/core branch of tip:

Commit-ID:     5c65b1c0842f9daddc6aec4bdb4b5d898006be19
Gitweb:        https://git.kernel.org/tip/5c65b1c0842f9daddc6aec4bdb4b5d898006be19
Author:        Ian Rogers <irogers@google.com>
AuthorDate:    Fri, 25 Oct 2019 20:56:44 -07:00
Committer:     Arnaldo Carvalho de Melo <acme@redhat.com>
CommitterDate: Thu, 07 Nov 2019 08:30:18 -03:00

perf annotate: Fix heap overflow

Fix expand_tabs that copies the source lines '\0' and then appends
another '\0' at a potentially out of bounds address.

Signed-off-by: Ian Rogers <irogers@google.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jin Yao <yao.jin@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <songliubraving@fb.com>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lore.kernel.org/lkml/20191026035644.217548-1-irogers@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
 tools/perf/util/annotate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index ef1866a..bee0fee 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -1892,7 +1892,7 @@ static char *expand_tabs(char *line, char **storage, size_t *storage_len)
 	}
 
 	/* Expand the last region. */
-	len = line_len + 1 - src;
+	len = line_len - src;
 	memcpy(&new_line[dst], &line[src], len);
 	dst += len;
 	new_line[dst] = '\0';

^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-11-12 11:21 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-26  3:56 [PATCH] perf annotate: fix heap overflow Ian Rogers
2019-10-28 19:29 ` Jiri Olsa
2019-11-06 19:01   ` Arnaldo Carvalho de Melo
2019-11-12 11:17 ` [tip: perf/core] perf annotate: Fix " tip-bot2 for Ian Rogers

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.