diff options
| author | Ian Rogers <irogers@google.com> | 2025-09-14 11:31:31 -0700 |
|---|---|---|
| committer | Arnaldo Carvalho de Melo <acme@redhat.com> | 2025-10-02 15:01:26 -0300 |
| commit | de1111f91a7a681303265938c2ad32f5ec3f21b7 (patch) | |
| tree | 997cb921510ec8d77f2fb3107a2ee723af559f1c /tools/perf/util | |
| parent | perf bpf: Use __builtin_preserve_field_info for GCC compatibility (diff) | |
| download | linux-de1111f91a7a681303265938c2ad32f5ec3f21b7.tar.gz linux-de1111f91a7a681303265938c2ad32f5ec3f21b7.zip | |
perf symbol-minimal: Be more defensive when reading build IDs
The note_data at ptr is read as a nhdr but this may yield
out-of-bounds reads if there isn't nhdrs worth of data.
Be more defensive before doing the reads.
This is motivated by address sanitizer capturing out of bounds reads
running "perf top".
Signed-off-by: Ian Rogers <irogers@google.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Diffstat (limited to 'tools/perf/util')
| -rw-r--r-- | tools/perf/util/symbol-minimal.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/perf/util/symbol-minimal.c b/tools/perf/util/symbol-minimal.c index 41e4ebe5eac5..aeb253248895 100644 --- a/tools/perf/util/symbol-minimal.c +++ b/tools/perf/util/symbol-minimal.c @@ -42,7 +42,7 @@ static int read_build_id(void *note_data, size_t note_len, struct build_id *bid, void *ptr; ptr = note_data; - while (ptr < (note_data + note_len)) { + while ((ptr + sizeof(*nhdr)) < (note_data + note_len)) { const char *name; size_t namesz, descsz; |