perf tools: Fix out-of-bound access to struct perf_session
Robert Richter [Wed, 7 Dec 2011 09:02:52 +0000 (10:02 +0100)]
If filename is NULL there is an out-of-bound access to struct
perf_session if it would be used with perf_session__open(). Shouldn't
actually happen in current implementation as filename is always !NULL.
Fixing this by always null-terminating filename.

Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lkml.kernel.org/r/1323248577-11268-3-git-send-email-robert.richter@amd.com
Signed-off-by: Robert Richter <robert.richter@amd.com>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

tools/perf/util/session.c
tools/perf/util/session.h

index d9318d8..ea17dfb 100644 (file)
@@ -107,7 +107,7 @@ struct perf_session *perf_session__new(const char *filename, int mode,
                                       bool force, bool repipe,
                                       struct perf_tool *tool)
 {
-       size_t len = filename ? strlen(filename) + 1 : 0;
+       size_t len = filename ? strlen(filename) : 0;
        struct perf_session *self = zalloc(sizeof(*self) + len);
 
        if (self == NULL)
index fb69612..37bc383 100644 (file)
@@ -50,7 +50,7 @@ struct perf_session {
        int                     cwdlen;
        char                    *cwd;
        struct ordered_samples  ordered_samples;
-       char                    filename[0];
+       char                    filename[1];
 };
 
 struct perf_tool;