| From: Arnaldo Carvalho de Melo <acme@redhat.com> |
| Date: Wed, 8 Feb 2017 17:01:46 -0300 |
| Subject: perf thread_map: Correctly size buffer used with dirent->dt_name |
| |
| commit bdf23a9a190d7ecea092fd5c4aabb7d4bd0a9980 upstream. |
| |
| The size of dirent->dt_name is NAME_MAX + 1, but the size for the 'path' |
| buffer is hard coded at 256, which may truncate it because we also |
| prepend "/proc/", so that all that into account and thank gcc 7 for this |
| warning: |
| |
| /git/linux/tools/perf/util/thread_map.c: In function 'thread_map__new_by_uid': |
| /git/linux/tools/perf/util/thread_map.c:119:39: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 250 [-Werror=format-truncation=] |
| snprintf(path, sizeof(path), "/proc/%s", dirent->d_name); |
| ^~ |
| In file included from /usr/include/stdio.h:939:0, |
| from /git/linux/tools/perf/util/thread_map.c:5: |
| /usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 7 and 262 bytes into a destination of size 256 |
| return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, |
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| __bos (__s), __fmt, __va_arg_pack ()); |
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| |
| Cc: Adrian Hunter <adrian.hunter@intel.com> |
| Cc: David Ahern <dsahern@gmail.com> |
| Cc: Jiri Olsa <jolsa@kernel.org> |
| Cc: Namhyung Kim <namhyung@kernel.org> |
| Cc: Wang Nan <wangnan0@huawei.com> |
| Link: http://lkml.kernel.org/n/tip-csy0r8zrvz5efccgd4k12c82@git.kernel.org |
| Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| tools/perf/util/thread_map.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/tools/perf/util/thread_map.c |
| +++ b/tools/perf/util/thread_map.c |
| @@ -63,7 +63,7 @@ struct thread_map *thread_map__new_by_ui |
| { |
| DIR *proc; |
| int max_threads = 32, items, i; |
| - char path[256]; |
| + char path[NAME_MAX + 1 + 6]; |
| struct dirent *dirent, **namelist = NULL; |
| struct thread_map *threads = malloc(sizeof(*threads) + |
| max_threads * sizeof(pid_t)); |