From: Vince Weaver
Date: Thu, 25 Jul 2019 14:27:14 -0400 (EDT)
To: linux-kernel@vger.kernel.org
Cc: Arnaldo Carvalho de Melo, Peter Zijlstra, Ingo Molnar, Alexander Shishkin, Jiri Olsa, Namhyung Kim
Subject: [patch] perf report segfault with 0-sized strings

Hello,

the perf_data_fuzzer found an issue when strings have size 0. malloc() in do_read_string() is happy to allocate a string of size 0 but when code (in this case the pmu parser) tries to work with those it will segfault.

Signed-off-by: Vince Weaver

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index c24db7f4909c..641129efa987 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c @@ -251,6 +252,9 @@ static char *do_read_string(struct feat_fd *ff) if (do_read_u32(ff, &len)) return NULL; + if (len==0) + return NULL; + buf = malloc(len); if (!buf) return NULL; @@ -1781,6 +1785,10 @@ static void print_pmu_mappings(struct feat_fd *ff, FILE *fp) str = ff->ph->env.pmu_mappings; while (pmu_num) { + + if (str==NULL) + goto error; + type = strtoul(str, &tmp, 0); if (*tmp != ':') goto error;
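
Review bot: In do_read_string(), the added `if (len==0) return NULL;` makes a zero-length string indistinguishable from the two failure paths visible in the same hunk (do_read_u32() failing and malloc() failing), which also return NULL. If the intent is that an empty string in a perf.data header marks the file as malformed, say so in the commit message or in a one-line comment above the check, so callers' NULL handling is clearly the intended outcome rather than a side effect. Style: kernel code would write this as `if (!len)` or at least `len == 0` with spaces around the operator. The hunk header `@@ -251,6 +252,9 @@` already carries a one-line offset in the first hunk of the file, which suggests the diff was taken against a tree with another local change; regenerating it against a clean tree would avoid fuzz when applying.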
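
Review bot: In print_pmu_mappings(), the `str==NULL` test sits inside `while (pmu_num)` and is re-evaluated on every iteration, while the only assignment visible in the hunk is `str = ff->ph->env.pmu_mappings` before the loop. If the initial value is the only one that can be NULL, test it once right after that assignment; if str can become NULL while iterating, a short comment naming where that happens would justify keeping the check in the loop. The hunk also adds an empty line directly after the opening brace of the loop, which should be dropped, and the comparison reads better as `if (!str)`.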