提交 8aa8a7c8 编写于 作者: S Stephane Eranian 提交者: Ingo Molnar

perf record: Fix buffer overrun bug in tracepoint_id_to_path()

This patch fixes a buffer overrun bug in
tracepoint_id_to_path(). The bug manisfested itself as a memory
error reported by perf record. I ran into it with perf sched:

 $ perf sched rec noploop 2 noploop for 2 seconds
 [ perf record: Woken up 14 times to write data ]
 [ perf record: Captured and wrote 42.701 MB perf.data (~1865622 samples) ]
 Fatal: No memory to alloc tracepoints list

It turned out that tracepoint_id_to_path() was reading the
tracepoint id using read() but the buffer was not large enough
to include the \n terminator for id with 4 digits or more.

The patch fixes the problem by extending the buffer to a more
reasonable size covering all possible id length include \n
terminator. Note that atoll() stops at the first non digit
character, thus it is not necessary to clear the buffer between
each read.
Signed-off-by: NStephane Eranian <eranian@google.com>
Acked-by: NArnaldo Carvalho de Melo <acme@redhat.com>
Acked-by: NPeter Zijlstra <a.p.zijlstra@chello.nl>
Cc: fweisbec@gmail.com
Cc: dsahern@gmail.com
Link: http://lkml.kernel.org/r/20120313155102.GA6465@quadSigned-off-by: NIngo Molnar <mingo@elte.hu>
上级 87e24f4b
...@@ -165,7 +165,7 @@ struct tracepoint_path *tracepoint_id_to_path(u64 config) ...@@ -165,7 +165,7 @@ struct tracepoint_path *tracepoint_id_to_path(u64 config)
struct tracepoint_path *path = NULL; struct tracepoint_path *path = NULL;
DIR *sys_dir, *evt_dir; DIR *sys_dir, *evt_dir;
struct dirent *sys_next, *evt_next, sys_dirent, evt_dirent; struct dirent *sys_next, *evt_next, sys_dirent, evt_dirent;
char id_buf[4]; char id_buf[24];
int fd; int fd;
u64 id; u64 id;
char evt_path[MAXPATHLEN]; char evt_path[MAXPATHLEN];
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册