blob: 686d1e564524248d3a7159c4803c961c2d3002fd [file] [log] [blame]
From a4044843dee302f69f6576e1e472899645abe059 Mon Sep 17 00:00:00 2001
From: disconnect3d <>
Date: Mon, 9 Mar 2020 11:48:53 +0100
Subject: [PATCH] perf map: Fix off by one in strncpy() size argument
commit db2c549407d4a76563c579e4768f7d6d32afefba upstream.
This patch fixes an off-by-one error in strncpy size argument in
tools/perf/util/map.c. The issue is that in:
strncmp(filename, "/system/lib/", 11)
the passed string literal: "/system/lib/" has 12 bytes (without the NULL
byte) and the passed size argument is 11. As a result, the logic won't
match the ending "/" byte and will pass filepaths that are stored in
other directories e.g. "/system/libmalicious/bin" or just
This functionality seems to be present only on Android. I assume the
/system/ directory is only writable by the root user, so I don't think
this bug has much (or any) security impact.
Fixes: eca818369996 ("perf tools: Add automatic remapping of Android libraries")
Signed-off-by: disconnect3d <>
Cc: Alexander Shishkin <>
Cc: Changbin Du <>
Cc: Jiri Olsa <>
Cc: John Keeping <>
Cc: Mark Rutland <>
Cc: Michael Lentine <>
Cc: Namhyung Kim <>
Cc: Peter Zijlstra <>
Cc: Song Liu <>
Cc: Stephane Eranian <>
Signed-off-by: Arnaldo Carvalho de Melo <>
Signed-off-by: Paul Gortmaker <>
diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c
index e6458145a428..b7c20d14a611 100644
--- a/tools/perf/util/map.c
+++ b/tools/perf/util/map.c
@@ -87,7 +87,7 @@ static inline bool replace_android_lib(const char *filename, char *newfilename)
return true;
- if (!strncmp(filename, "/system/lib/", 11)) {
+ if (!strncmp(filename, "/system/lib/", 12)) {
char *ndk, *app;
const char *arch;
size_t ndk_length;