This is a note to let you know that I've just added the patch titled
perf thread_map: Correctly size buffer used with dirent->dt_name
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
perf-thread_map-correctly-size-buffer-used-with-dirent-dt_name.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From bdf23a9a190d7ecea092fd5c4aabb7d4bd0a9980 Mon Sep 17 00:00:00 2001
From: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
Date: Wed, 8 Feb 2017 17:01:46 -0300
Subject: perf thread_map: Correctly size buffer used with dirent->dt_name
From: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
commit bdf23a9a190d7ecea092fd5c4aabb7d4bd0a9980 upstream.
The size of dirent->dt_name is NAME_MAX + 1, but the size for the 'path'
buffer is hard coded at 256, which may truncate it because we also
prepend "/proc/", so that all that into account and thank gcc 7 for this
warning:
/git/linux/tools/perf/util/thread_map.c: In function 'thread_map__new_by_uid':
/git/linux/tools/perf/util/thread_map.c:119:39: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 250 [-Werror=format-truncation=]
snprintf(path, sizeof(path), "/proc/%s", dirent->d_name);
^~
In file included from /usr/include/stdio.h:939:0,
from /git/linux/tools/perf/util/thread_map.c:5:
/usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 7 and 262 bytes into a destination of size 256
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__bos (__s), __fmt, __va_arg_pack ());
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cc: Adrian Hunter <adrian.hunter@xxxxxxxxx>
Cc: David Ahern <dsahern@xxxxxxxxx>
Cc: Jiri Olsa <jolsa@xxxxxxxxxx>
Cc: Namhyung Kim <namhyung@xxxxxxxxxx>
Cc: Wang Nan <wangnan0@xxxxxxxxxx>
Link: http://lkml.kernel.org/n/tip-csy0r8zrvz5efccgd4k12c82@xxxxxxxxxxxxxx
Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
tools/perf/util/thread_map.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/perf/util/thread_map.c
+++ b/tools/perf/util/thread_map.c
@@ -93,7 +93,7 @@ struct thread_map *thread_map__new_by_ui
{
DIR *proc;
int max_threads = 32, items, i;
- char path[256];
+ char path[NAME_MAX + 1 + 6];
struct dirent *dirent, **namelist = NULL;
struct thread_map *threads = thread_map__alloc(max_threads);
Patches currently in stable-queue which might be from acme@xxxxxxxxxx are
queue-4.9/perf-thread_map-correctly-size-buffer-used-with-dirent-dt_name.patch
queue-4.9/perf-tests-avoid-possible-truncation-with-dirent-d_name-snprintf.patch
queue-4.9/perf-top-use-__fallthrough.patch
queue-4.9/perf-scripting-perl-fix-compile-error-with-some-perl5-versions.patch
queue-4.9/perf-bench-numa-avoid-possible-truncation-when-using-snprintf.patch
queue-4.9/perf-probe-add-error-checks-to-offline-probe-post-processing.patch
queue-4.9/perf-header-fix-handling-of-perf_event_update__scale.patch
queue-4.9/tools-string-use-__fallthrough-in-perf_atoll.patch
queue-4.9/perf-intel-pt-use-__fallthrough.patch
queue-4.9/tools-include-add-a-__fallthrough-statement.patch
queue-4.9/tools-strfilter-use-__fallthrough.patch
queue-4.9/perf-probe-fix-to-probe-on-gcc-generated-symbols-for-offline-kernel.patch