RE: [RFC PATCH v4 1/6] perf stat: Parse and find tpebs events when parsing metrics to prepare for perf record sampling

[Wang, Weilin]

> -----Original Message-----
> From: Andi Kleen <ak@xxxxxxxxxxxxxxx>
> Sent: Tuesday, March 12, 2024 4:58 PM
> To: Wang, Weilin <weilin.wang@xxxxxxxxx>
> Cc: Namhyung Kim <namhyung@xxxxxxxxxx>; Ian Rogers
> <irogers@xxxxxxxxxx>; Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>; Peter
> Zijlstra <peterz@xxxxxxxxxxxxx>; Ingo Molnar <mingo@xxxxxxxxxx>;
> Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>; Jiri Olsa
> <jolsa@xxxxxxxxxx>; Hunter, Adrian <adrian.hunter@xxxxxxxxx>; Kan Liang
> <kan.liang@xxxxxxxxxxxxxxx>; linux-perf-users@xxxxxxxxxxxxxxx; linux-
> kernel@xxxxxxxxxxxxxxx; Taylor, Perry <perry.taylor@xxxxxxxxx>; Alt, Samantha
> <samantha.alt@xxxxxxxxx>; Biggers, Caleb <caleb.biggers@xxxxxxxxx>
> Subject: Re: [RFC PATCH v4 1/6] perf stat: Parse and find tpebs events when
> parsing metrics to prepare for perf record sampling
> 
> weilin.wang@xxxxxxxxx writes:
> > +
> > +			new_event->tpebs_name = strdup(id);
> > +			*p = '\0';
> > +			name = malloc(strlen(id) + 2);
> > +			if (!name)
> > +				return -ENOMEM;
> > +
> > +			at = strchr(id, '@');
> > +			if (at != NULL) {
> > +				*at = '/';
> > +				at = strchr(id, '@');
> > +				*at = '/';
> > +				strcpy(name, id);
> > +				strcat(name, "p");
> > +			} else {
> > +				strcpy(name, id);
> > +				strcat(name, ":p");
> 
> 
> This seems like a buffer overflow because :p is 3 bytes including 0,
> but you only allocate + 2.
> You should really use safe string primitives, then you would have
> noticed the truncation.
> 

I will double check and update this part.

Thanks,
Weilin

> -Andi