Commit de1111f9 authored Sep 14, 2025 by Ian Rogers Committed by Arnaldo Carvalho de Melo Oct 02, 2025

perf symbol-minimal: Be more defensive when reading build IDs



The note_data at ptr is read as a nhdr but this may yield
out-of-bounds reads if there isn't nhdrs worth of data.

Be more defensive before doing the reads.

This is motivated by address sanitizer capturing out of bounds reads
running "perf top".

Signed-off-by: Ian Rogers <irogers@google.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

parent 4fc84434

tools/perf/util/symbol-minimal.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -42,7 +42,7 @@ static int read_build_id(void note_data, size_t note_len, struct build_id bid,
		void *ptr;

		ptr = note_data;
		while (ptr < (note_data + note_len)) {
		while ((ptr + sizeof(*nhdr)) < (note_data + note_len)) {
		const char *name;
		size_t namesz, descsz;