LKML Archive on
 help / color / Atom feed
From: Stephane Eranian <>
Subject: [PATCH] perf record: fix buffer overrun bug in tracepoint_id_to_path()
Date: Tue, 13 Mar 2012 16:51:02 +0100
Message-ID: <20120313155102.GA6465@quad> (raw)

This patch fixes a buffer overrun bug in tracepoint_id_to_path().
The bug manisfested itself as a memory error reported by perf record.
I ran into it with perf sched:

$ perf sched rec noploop 2
noploop for 2 seconds
[ perf record: Woken up 14 times to write data ]
[ perf record: Captured and wrote 42.701 MB (~1865622 samples) ]
  Fatal: No memory to alloc tracepoints list

It turned out that tracepoint_id_to_path() was reading the tracepoint id
using read() but the buffer was not large enough to include the \n terminator
for id with 4 digits or more.

The patch fixes the problem by extending the buffer to a more reasonable size
covering all possible id length include \n terminator. Note that atoll() stops
at the first non digit character, thus it is not necessary to clear the buffer
between each read.

Signed-off-by: Stephane Eranian <>

diff --git a/tools/perf/util/parse-events.c b/tools/perf/util/parse-events.c
index b029296..8a3c8c0 100644
--- a/tools/perf/util/parse-events.c
+++ b/tools/perf/util/parse-events.c
@@ -165,7 +165,7 @@ struct tracepoint_path *tracepoint_id_to_path(u64 config)
 	struct tracepoint_path *path = NULL;
 	DIR *sys_dir, *evt_dir;
 	struct dirent *sys_next, *evt_next, sys_dirent, evt_dirent;
-	char id_buf[4];
+	char id_buf[24];
 	int fd;
 	u64 id;
 	char evt_path[MAXPATHLEN];

             reply index

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-03-13 15:51 Stephane Eranian [this message]
2012-03-13 16:17 ` [tip:perf/urgent] perf record: Fix " tip-bot for Stephane Eranian

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120313155102.GA6465@quad \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

LKML Archive on

Archives are clonable:
	git clone --mirror lkml/git/0.git
	git clone --mirror lkml/git/1.git
	git clone --mirror lkml/git/2.git
	git clone --mirror lkml/git/3.git
	git clone --mirror lkml/git/4.git
	git clone --mirror lkml/git/5.git
	git clone --mirror lkml/git/6.git
	git clone --mirror lkml/git/7.git
	git clone --mirror lkml/git/8.git
	git clone --mirror lkml/git/9.git
	git clone --mirror lkml/git/10.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ \
	public-inbox-index lkml

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone