On 06/09/2011 01:33 PM, Arun Sharma wrote:
On Thu, Jun 09, 2011 at 02:44:19PM +0800, Sam Liao wrote:
--- a/tools/perf/util/session.c
+++ b/tools/perf/util/session.c
@@ -247,9 +247,14 @@ int perf_session__resolve_callchain(struct
perf_session *self,
callchain_cursor_reset(&self->callchain_cursor);
for (i = 0; i< chain->nr; i++) {
- u64 ip = chain->ips[i];
+ u64 ip;
struct addr_location al;
+ if (callchain_param.order == ORDER_CALLEE)
+ ip = chain->ips[i];
+ else
+ ip = chain->ips[chain->nr - i - 1];
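Review bot: the else branch at `ip = chain->ips[chain->nr - i - 1];` reverses the walk for every order value other than ORDER_CALLEE, and nothing in the hunk documents that. A one-line comment above the `if` saying that the chain is resolved from its last entry when the order is not callee would make the intent clear. The index stays inside chain->ips only because of the loop condition `i < chain->nr`, so the expression should stay in the loop body and not be hoisted or reused outside it. Since callchain_param.order does not change inside the loop, the test could also be folded into a single index computation at the top of the body, which keeps `ip` initialised at its declaration as before.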
This can dereference a bad pointer if chain->nr == 0.
Should not enter the loop if chain->nr is 0 (See for arg).