is_directory() uses sprintf() which could potentially result in a stack buffer overrun. Change to use snprintf() and assert that the output fits in the buffer. Signed-off-by: Ben Hutchings --- A better fix would be to pass the directory fd in and use fstatat() but I don't know whether you want to support older kernel versions or C libraries that don't support this. Ben. tools/perf/util/path.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/perf/util/path.c b/tools/perf/util/path.c index ca56ba2dd3da..333e20f78ced 100644 --- a/tools/perf/util/path.c +++ b/tools/perf/util/path.c @@ -84,8 +84,11 @@ bool is_directory(const char *base_path, const struct dirent *dent) { char path[PATH_MAX]; struct stat st; + int len; + + len = snprintf(path, sizeof(path), "%s/%s", base_path, dent->d_name); + assert((size_t)len < sizeof(path)); - sprintf(path, "%s/%s", base_path, dent->d_name); if (stat(path, &st)) return false;
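Review bot: The `assert((size_t)len < sizeof(path));` added after the snprintf() call in is_directory() turns an over-long base_path plus d_name into an abort of the whole tool. If the build defines NDEBUG, the check disappears and stat() runs on a silently truncated path, which may name a different file. The function already returns false when stat() fails, so treating truncation the same way would be more robust: `if (len < 0 || (size_t)len >= sizeof(path)) return false;`. That form also handles a negative snprintf() return explicitly rather than relying on the cast to size_t. The diffstat shows only the four insertions in this hunk, so no #include is added; if the assert stays, confirm that path.c already includes <assert.h>.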