LKML Archive on
From: Vince Weaver <>
Cc: Arnaldo Carvalho de Melo <>,
	Peter Zijlstra <>,
	Ingo Molnar <>,
	Alexander Shishkin <>,
	Jiri Olsa <>, Namhyung Kim <>
Subject: [patch] perf tool divide by zero error if f_header.attr_size==0
Date: Tue, 23 Jul 2019 11:06:01 -0400 (EDT)
Message-ID: <alpine.DEB.2.21.1907231100440.14532@macbook-air>


So I have been having lots of trouble with hand-crafted files
causing segfaults and the like, so I have started fuzzing the perf tool.

First issue found:

If f_header.attr_size is 0 in the file, then perf will crash
with a divide-by-zero error.

Signed-off-by: Vince Weaver <>

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
index c24db7f4909c..26df60ee9460 100644
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -3559,6 +3559,10 @@ int perf_session__read_header(struct perf_session *session)
+	if (f_header.attr_size == 0) {
+		return -EINVAL;
+	}
 	nr_attrs = f_header.attrs.size / f_header.attr_size;
 	lseek(fd, f_header.attrs.offset, SEEK_SET);
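
Review bot: The added check at the top of the hunk rejects only attr_size == 0, so any other value read from the file still reaches `nr_attrs = f_header.attrs.size / f_header.attr_size;` unvalidated, and a very small non-zero attr_size produces a very large nr_attrs. Since both fields come from the file, consider also rejecting the header when attrs.size is not a multiple of attr_size. The bare `return -EINVAL;` gives the user no indication of which header field was bad, so a pr_err() naming attr_size before the return would help. Kernel coding style also omits the braces around a single-statement if body. The `lseek(fd, f_header.attrs.offset, SEEK_SET);` in the trailing context takes an offset from the same file header and its return value is not checked here.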


Thread overview: 8+ messages
2019-07-23 15:06 Vince Weaver [this message]
2019-07-23 15:17 ` Arnaldo Carvalho de Melo
2019-07-23 20:42 ` [patch] perf tool buffer overflow in perf_header__read_build_ids Vince Weaver
2019-07-26 19:05   ` Arnaldo Carvalho de Melo
2019-08-23 20:42     ` Vince Weaver
2019-08-25 14:33       ` Arnaldo Carvalho de Melo
2019-07-26 19:00 ` [patch] perf tool divide by zero error if f_header.attr_size==0 Arnaldo Carvalho de Melo
2019-07-29 21:34 ` [tip:perf/urgent] perf header: Fix " tip-bot for Vince Weaver
