perf thread_map: Correctly size buffer used with dirent->dt_name
authorArnaldo Carvalho de Melo <acme@redhat.com>
Wed, 8 Feb 2017 20:01:46 +0000 (17:01 -0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 15 Jul 2017 09:57:48 +0000 (11:57 +0200)
commit bdf23a9a190d7ecea092fd5c4aabb7d4bd0a9980 upstream.

The size of dirent->dt_name is NAME_MAX + 1, but the size for the 'path'
buffer is hard coded at 256, which may truncate it because we also
prepend "/proc/", so that all that into account and thank gcc 7 for this
warning:

  /git/linux/tools/perf/util/thread_map.c: In function 'thread_map__new_by_uid':
  /git/linux/tools/perf/util/thread_map.c:119:39: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 250 [-Werror=format-truncation=]
     snprintf(path, sizeof(path), "/proc/%s", dirent->d_name);
                                         ^~
  In file included from /usr/include/stdio.h:939:0,
                   from /git/linux/tools/perf/util/thread_map.c:5:
  /usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 7 and 262 bytes into a destination of size 256
     return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          __bos (__s), __fmt, __va_arg_pack ());
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-csy0r8zrvz5efccgd4k12c82@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
tools/perf/util/thread_map.c

index 6ec3c5ca438f25c827dcfc1b7bde3491f8a5fe8c..fd8d4384454c41c9fea6294786df4751bd5d3dfb 100644 (file)
@@ -92,7 +92,7 @@ struct thread_map *thread_map__new_by_uid(uid_t uid)
 {
        DIR *proc;
        int max_threads = 32, items, i;
-       char path[256];
+       char path[NAME_MAX + 1 + 6];
        struct dirent dirent, *next, **namelist = NULL;
        struct thread_map *threads = thread_map__alloc(max_threads);