From: Arnaldo Carvalho de Melo Date: Thu, 14 Nov 2013 18:30:41 +0000 (-0300) Subject: perf ui browser: Fix segfault caused by off by one handling END key X-Git-Tag: firefly_0821_release~176^2~4943^2^2~2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=48d038fcd09fa231e254965c3b69f8f640c9e62d;p=firefly-linux-kernel-4.4.55.git perf ui browser: Fix segfault caused by off by one handling END key $ perf record ls $ perf report Press 'down enter end' Result: Program received signal SIGSEGV, Segmentation fault. The UI browser, used on a argv array would access past the end of the array on SEEK_END because it wasn't using 'nr_entries - 1', fix it. Reported-by: v.karpov@samsung.com Cc: Adrian Hunter Cc: David Ahern Cc: Frederic Weisbecker Cc: Jiri Olsa Cc: Mike Galbraith Cc: Namhyung Kim Cc: Paul Mackerras Cc: Peter Zijlstra Cc: Stephane Eranian BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=59291 Link: http://lkml.kernel.org/n/tip-3g83ipasqi219ktv764xzzjs@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo --- diff --git a/tools/perf/ui/browser.c b/tools/perf/ui/browser.c index 3648d4ec041f..cbaa7af45513 100644 --- a/tools/perf/ui/browser.c +++ b/tools/perf/ui/browser.c @@ -569,7 +569,7 @@ void ui_browser__argv_seek(struct ui_browser *browser, off_t offset, int whence) browser->top = browser->top + browser->top_idx + offset; break; case SEEK_END: - browser->top = browser->top + browser->nr_entries + offset; + browser->top = browser->top + browser->nr_entries - 1 + offset; break; default: return;