[PATCH 3.16 365/366] perf thread_map: Correctly size buffer used with dirent->dt_name

From: Ben Hutchings
Date: Sun Nov 11 2018 - 15:32:39 EST

Next message: Ben Hutchings: "[PATCH 3.16 243/366] ARC: Fix CONFIG_SWAP"
Previous message: Ben Hutchings: "[PATCH 3.16 366/366] perf tools: Fix python extension build for gcc 8"
In reply to: Ben Hutchings: "[PATCH 3.16 366/366] perf tools: Fix python extension build for gcc 8"
Next in thread: Ben Hutchings: "[PATCH 3.16 243/366] ARC: Fix CONFIG_SWAP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.16.61-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>

commit bdf23a9a190d7ecea092fd5c4aabb7d4bd0a9980 upstream.

The size of dirent->dt_name is NAME_MAX + 1, but the size for the 'path'
buffer is hard coded at 256, which may truncate it because we also
prepend "/proc/", so that all that into account and thank gcc 7 for this
warning:

/git/linux/tools/perf/util/thread_map.c: In function 'thread_map__new_by_uid':
/git/linux/tools/perf/util/thread_map.c:119:39: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 250 [-Werror=format-truncation=]
snprintf(path, sizeof(path), "/proc/%s", dirent->d_name);
^~
In file included from /usr/include/stdio.h:939:0,
from /git/linux/tools/perf/util/thread_map.c:5:
/usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 7 and 262 bytes into a destination of size 256
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__bos (__s), __fmt, __va_arg_pack ());
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Cc: Adrian Hunter <adrian.hunter@xxxxxxxxx>
Cc: David Ahern <dsahern@xxxxxxxxx>
Cc: Jiri Olsa <jolsa@xxxxxxxxxx>
Cc: Namhyung Kim <namhyung@xxxxxxxxxx>
Cc: Wang Nan <wangnan0@xxxxxxxxxx>
Link: http://lkml.kernel.org/n/tip-csy0r8zrvz5efccgd4k12c82@xxxxxxxxxxxxxx
Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
tools/perf/util/thread_map.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tools/perf/util/thread_map.c
+++ b/tools/perf/util/thread_map.c
@@ -63,7 +63,7 @@ struct thread_map *thread_map__new_by_ui
{
DIR *proc;
int max_threads = 32, items, i;
- char path[256];
+ char path[NAME_MAX + 1 + 6];
struct dirent *dirent, **namelist = NULL;
struct thread_map *threads = malloc(sizeof(*threads) +
max_threads * sizeof(pid_t));

Next message: Ben Hutchings: "[PATCH 3.16 243/366] ARC: Fix CONFIG_SWAP"
Previous message: Ben Hutchings: "[PATCH 3.16 366/366] perf tools: Fix python extension build for gcc 8"
In reply to: Ben Hutchings: "[PATCH 3.16 366/366] perf tools: Fix python extension build for gcc 8"
Next in thread: Ben Hutchings: "[PATCH 3.16 243/366] ARC: Fix CONFIG_SWAP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]