perf tools: Check we are able to read the event size on mmap
Frederic Weisbecker [Sat, 21 May 2011 15:07:24 +0000 (17:07 +0200)]
Check we have enough mmaped space to read the current event
size from its headers, otherwise we may dereference some
hell there.

Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Stephane Eranian <eranian@google.com>

tools/perf/util/session.c

index fff6674..61746b5 100644 (file)
@@ -1007,6 +1007,13 @@ remap:
        file_pos = file_offset + head;
 
 more:
+       /*
+        * Ensure we have enough space remaining to read
+        * the size of the event in the headers.
+        */
+       if (head + sizeof(event->header) > mmap_size)
+               goto remap;
+
        event = (union perf_event *)(buf + head);
 
        if (session->header.needs_swap)
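Review bot: the check added under `more:` bounds only the fixed-size header, so after `event = (union perf_event *)(buf + head);` the code can trust the header's size field but nothing beyond it. The lines shown here do not include a second bound on the full event length, so please confirm that the size read from the header is also compared against `mmap_size` before the `needs_swap` branch or any later code touches the event body. Separately, `goto remap` is taken unconditionally when the header does not fit. If the file ends with fewer than `sizeof(event->header)` bytes left (a truncated or corrupted perf.data), the remap path needs a termination condition that stops instead of returning to `more:` with the same shortfall. That condition is not visible in this hunk, so it is worth stating in the comment or the commit message how that case ends.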