diff options
| author | Arnaldo Carvalho de Melo <acme@redhat.com> | 2026-04-11 01:08:58 +0300 |
|---|---|---|
| committer | Namhyung Kim <namhyung@kernel.org> | 2026-04-14 09:21:53 +0300 |
| commit | a881fc56038a7baa5cb5074cdd52315d9ad9ee63 (patch) | |
| tree | 632640c314da244012ed679fddd706407f34eea2 | |
| parent | 4ba223016b0be7ec11aad63f480cd251cecad594 (diff) | |
| download | linux-a881fc56038a7baa5cb5074cdd52315d9ad9ee63.tar.xz | |
perf header: Sanity check HEADER_MEM_TOPOLOGY
Add validation to process_mem_topology() to harden against malformed
perf.data files:
- Upper bound check on nr_nodes (reuses MAX_NUMA_NODES, 4096)
- Minimum section size check before allocating
This is particularly important here since nr is u64, making unbounded
values especially dangerous.
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Ian Rogers <irogers@google.com>
Assisted-by: Claude Code:claude-opus-4-6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
| -rw-r--r-- | tools/perf/util/header.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 2f405776e501..2eb909672f82 100644 --- a/tools/perf/util/header.c +++ b/tools/perf/util/header.c @@ -3308,6 +3308,18 @@ static int process_mem_topology(struct feat_fd *ff, if (do_read_u64(ff, &nr)) return -1; + if (nr > MAX_NUMA_NODES) { + pr_err("Invalid HEADER_MEM_TOPOLOGY: nr_nodes (%llu) > %u\n", + (unsigned long long)nr, MAX_NUMA_NODES); + return -1; + } + + if (ff->size < 3 * sizeof(u64) + nr * 2 * sizeof(u64)) { + pr_err("Invalid HEADER_MEM_TOPOLOGY: section too small (%zu) for %llu nodes\n", + ff->size, (unsigned long long)nr); + return -1; + } + nodes = calloc(nr, sizeof(*nodes)); if (!nodes) return -1; |