Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp468485ybi; Fri, 26 Jul 2019 12:55:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqwuEowwmd7NskNKd2UmP08OTvdg1+rbLIS09BP61smcY/pk+LhDRMzJZEZkP4OLRqxqG663 X-Received: by 2002:a17:90a:360b:: with SMTP id s11mr98524404pjb.51.1564170957850; Fri, 26 Jul 2019 12:55:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564170957; cv=none; d=google.com; s=arc-20160816; b=sPyZh66MHB9VSiPx+nry1o5SNFPfMg/I01amOZlyRZK0dzXUywJ+YmiO2iVB0lPdcL Ib17Jd5EU3kQoq2XLfq5jKpkAxcx7WQ55+OcPucQsUb1HlrxslPVpU32BZ7m26dnfgNV liSte0O45yzb4rN2G2IqIwlzd6Q/en4JlSXqlUVbyKSqRgnbjpfeVg1dToUu8HSFVJXu DXXXbHWEkZHTISGWNK/EGUS1VDQjWbislATBmgNniNxwpeZpTP8Lzux3XyLePxZ7ya8N KZgjUdfQnTscr9TipKgkiR2jPqKRpCTGGnWpk/VPhhMCzNeeqGMtJhNUG+97fDyYzZQU Na2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:date:from:dkim-signature; bh=I10/oU0PFDARVAgkqlcuLI1H2p3iKjf7ry3uMpP3L8s=; b=PuMBvAmkFEpjpOXra7CqvVXnljcwblf+sdKGfgXi9qkxFzE1bjwiJmdf60K58egXQf 97IG2jKkntjpVkrmO8LAf6Se0Vgcm9uJv/1Da/myT+LnJjVhje8Zu5YlgWF9GA9tAMQ4 DYZEnZ+lmtdcI16ekdcDaSMQlQNdZjLqbgCK9uTXpcbexIhAoxzHtvChYYzliMxnKRR1 W9N0kKG0Vy2oW1bWYmcj5odo7vk7CJhPt5ubpKKAtVsVuiYEf6ItgHMs97o9Fh2JKrwJ 9CRo2NGebLy7xlxnEkPRTXyn+J1ATZCmR9HPNZV+ruCXso+lNMutrs2YPDM/9HqgnqEu XGBw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=eWslAz7r; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s6si20509935plp.229.2019.07.26.12.55.42; Fri, 26 Jul 2019 12:55:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=eWslAz7r; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388457AbfGZTJ7 (ORCPT + 99 others); Fri, 26 Jul 2019 15:09:59 -0400 Received: from mail-qt1-f195.google.com ([209.85.160.195]:40724 "EHLO mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726970AbfGZTJ6 (ORCPT ); Fri, 26 Jul 2019 15:09:58 -0400 Received: by mail-qt1-f195.google.com with SMTP id a15so53643624qtn.7 for ; Fri, 26 Jul 2019 12:09:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=I10/oU0PFDARVAgkqlcuLI1H2p3iKjf7ry3uMpP3L8s=; b=eWslAz7r23Ss2BSZeYLM1wHW6ES45e3i+imLBE8tIsIPLdOfqxdy+cjTx+4Qe3qE5W ePhDO7TNxUF1TYmz1OGoAeEAy+I1oyEriwBO+G0nwe0ygxPhnINwk4KF+rJS04jtb5i1 CCwNGiPuJOnFCil6rgnmcW/lYk+JoUoecvuhj5LiFUiC2HOWoJHU+XOjhEFz+NjJovwx 9pksWOMVoD+NxTtgeIg3Vh/51ab+jVlOLrKCwGrcPDX7j9h19ISjROUN5TAriGGSTnj1 mlSsFF9ax/LNpyEX8j4NO/sGxy0UL8JHVL74Wgtay7MCZSubd3zqYGAaJvF7JHCN8TKT 3KvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:date:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=I10/oU0PFDARVAgkqlcuLI1H2p3iKjf7ry3uMpP3L8s=; b=Z/NuDaeo4thPF5OtB1Azb5aa3xTBu3nQ8dwLgTJJKpdptUVV74togJIUw/O3yGkkcj Jy838rQvhai62MJzbT36eeWkK3BejBSujOZP9lOsidwG9IEf6TjUu8/R4+jppoIR8GdG MkDpeIyFWm83otoLuqFmeZ0K5j6u1IRXhkmofpTo/rGz74soii8Ahyyb2mPv9bBeMDLO 5Yhi8CP+u51Rc0ey7AjS+znpHnnz4PRg0E2YzKxDAVSzMX+Pknx+IMZsMUwlNJSddZe9 GM2i+gCNffjUo3ygJs7q2L+AptpEJqF//Ui4XttvG7+AY7VrK9kNl3cWaiG00q6rpWjM 1T6Q== X-Gm-Message-State: APjAAAUAiq+DpWIkA03z8JS5FSv3pIV23WqFNJVINngODrryvTJQpLL0 4S6yQesk77nE6GYPhlTZoAE= X-Received: by 2002:aed:22af:: with SMTP id p44mr69273443qtc.348.1564168197593; Fri, 26 Jul 2019 12:09:57 -0700 (PDT) Received: from quaco.ghostprotocols.net ([179.97.35.50]) by smtp.gmail.com with ESMTPSA id z19sm25052511qkg.28.2019.07.26.12.09.57 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Fri, 26 Jul 2019 12:09:57 -0700 (PDT) From: Arnaldo Carvalho de Melo X-Google-Original-From: Arnaldo Carvalho de Melo Received: by quaco.ghostprotocols.net (Postfix, from userid 1000) id 0E1EA40340; Fri, 26 Jul 2019 16:09:53 -0300 (-03) Date: Fri, 26 Jul 2019 16:09:53 -0300 To: Vince Weaver Cc: linux-kernel@vger.kernel.org, Peter Zijlstra , Ingo Molnar , Alexander Shishkin , Jiri Olsa , Namhyung Kim Subject: Re: [patch] perf report segfault with 0-sized strings Message-ID: <20190726190953.GD20482@kernel.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Url: http://acmel.wordpress.com User-Agent: Mutt/1.12.0 (2019-05-25) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Em Thu, Jul 25, 2019 at 02:27:14PM -0400, Vince Weaver escreveu: > Hello, > > the perf_data_fuzzer found an issue when strings have size 0. > malloc() in do_read_string() is happy to allocate a string of > size 0 but when code (in this case the pmu parser) tries to work with > those it will segfault. So here are two fixes, i.e. one is to make do_read_string() to return NULL when len is 0, which do_read_string() already returns for failure (NULL) and most of the callers I looked handle that. The other is to make print_pmu_mappings() deal with a NULL ff->ph->env.pmu_mappings, agreed? - Arnaldo > Signed-off-by: Vince Weaver > > diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c > index c24db7f4909c..641129efa987 100644 > --- a/tools/perf/util/header.c > +++ b/tools/perf/util/header.c > @@ -251,6 +252,9 @@ static char *do_read_string(struct feat_fd *ff) > if (do_read_u32(ff, &len)) > return NULL; > > + if (len==0) > + return NULL; > + > buf = malloc(len); > if (!buf) > return NULL; > @@ -1781,6 +1785,10 @@ static void print_pmu_mappings(struct feat_fd *ff, FILE *fp) > str = ff->ph->env.pmu_mappings; > > while (pmu_num) { > + > + if (str==NULL) > + goto error; > + > type = strtoul(str, &tmp, 0); > if (*tmp != ':') > goto error; -- - Arnaldo