Date: Wed, 7 Aug 2019 13:32:44 +0200
From: Jiri Olsa
To: Numfor Mbiziwo-Tiapo
Cc: peterz@infradead.org, mingo@redhat.com, acme@kernel.org, alexander.shishkin@linux.intel.com, namhyung@kernel.org, songliubraving@fb.com, mbd@fb.com, linux-kernel@vger.kernel.org, irogers@google.com, eranian@google.com
Subject: Re: [PATCH v2] Fix annotate.c use of uninitialized value error
Message-ID: <20190807113244.GA9605@krava>
References: <20190726194044.GC24867@kernel.org> <20190729205750.193289-1-nums@google.com>
In-Reply-To: <20190729205750.193289-1-nums@google.com>

On Mon, Jul 29, 2019 at 01:57:50PM -0700, Numfor Mbiziwo-Tiapo wrote:
> Our local MSAN (Memory Sanitizer) build of perf throws a warning
> that comes from the "dso__disassemble_filename" function in
> "tools/perf/util/annotate.c" when running perf record.
>
> The warning stems from the call to readlink, in which "build_id_path"
> was being read into "linkname". Since readlink does not null terminate,
> an uninitialized memory access would later occur when "linkname" is
> passed into the strstr function. This is simply fixed by null-terminating
> "linkname" after the call to readlink.
>
> To reproduce this warning, build perf by running:
> make -C tools/perf CLANG=1 CC=clang EXTRA_CFLAGS="-fsanitize=memory\
> -fsanitize-memory-track-origins"
>
> (Additionally, llvm might have to be installed and clang might have to
> be specified as the compiler - export CC=/usr/bin/clang)
>
> then running:
> tools/perf/perf record -o - ls / | tools/perf/perf --no-pager annotate\
> -i - --stdio
>
> Please see the cover letter for why false positive warnings may be
> generated.
>
> Signed-off-by: Numfor Mbiziwo-Tiapo

Acked-by: Jiri Olsa

thanks,
jirka

> --- > tools/perf/util/annotate.c | 15 +++++++++++---- > 1 file changed, 11 insertions(+), 4 deletions(-) > > diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c > index 70de8f6b3aee..e1b075b52dce 100644 > --- a/tools/perf/util/annotate.c > +++ b/tools/perf/util/annotate.c > @@ -1627,6 +1627,7 @@ static int dso__disassemble_filename(struct dso *dso, char *filename, size_t fil > char *build_id_filename; > char *build_id_path = NULL; > char *pos; > + int len; > > if (dso->symtab_type == DSO_BINARY_TYPE__KALLSYMS && > !dso__is_kcore(dso)) > @@ -1655,10 +1656,16 @@ static int dso__disassemble_filename(struct dso *dso, char *filename, size_t fil > if (pos && strlen(pos) < SBUILD_ID_SIZE - 2) > dirname(build_id_path); > > - if (dso__is_kcore(dso) || > - readlink(build_id_path, linkname, sizeof(linkname)) < 0 || > - strstr(linkname, DSO__NAME_KALLSYMS) || > - access(filename, R_OK)) { > + if (dso__is_kcore(dso)) > + goto fallback; > + > + len = readlink(build_id_path, linkname, sizeof(linkname) - 1); > + if (len < 0) > + goto fallback; > + > + linkname[len] = '\0'; > + if (strstr(linkname, DSO__NAME_KALLSYMS) || > + access(filename, R_OK)) { > fallback: > /* > * If we don't have build-ids or the build-id file isn't in the > -- > 2.22.0.709.g102302147b-goog >
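
Review bot: in the first hunk (@@ -1627), "len" is declared as int, but the second hunk assigns it the return value of readlink(), which is ssize_t. Declaring it as "ssize_t len;" matches the function's return type and keeps the "len < 0" check free of an implicit narrowing conversion. With sizeof(linkname) - 1 as the bound the value fits in an int here, so this is a type-correctness point rather than a live bug.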
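
Review bot: in the second hunk (@@ -1655), a return value equal to sizeof(linkname) - 1 cannot be told apart from a truncated link target, because readlink() truncates silently, and a truncated name could make the strstr(linkname, DSO__NAME_KALLSYMS) test miss. Consider treating len == sizeof(linkname) - 1 as a failure that takes the fallback path, or add a comment saying why truncation is acceptable here. The bound of sizeof(linkname) - 1 itself is right, since it keeps the write to linkname[len] inside the buffer.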