[{"id":3690485,"web_url":"http://patchwork.ozlabs.org/comment/3690485/","msgid":"","date":"2026-05-13T01:02:55","subject":"Re: [PATCH V4 2/2] tools/perf: Use scnprintf in buffer offset\n calculations","submitter":{"id":77731,"url":"http://patchwork.ozlabs.org/api/people/77731/","name":"Ian Rogers","email":"irogers@google.com"},"content":"On Mon, May 4, 2026 at 8:42 AM Athira Rajeev wrote:\n>\n> Replace snprintf with scnprintf in buffer offset calculations to\n> ensure the 'used' count will not exceed the \"len\".\n>\n> The current logic in perf_pmu__for_each_event uses an unconditional\n> + 1 increment to buf_used to account for null terminators. This can\n> cause a a stack buffer overflow in the subsequent scnprintf call.\n> When the local stack buffer buf (1024 bytes) is full, buf_used can\n> reach 1025. This causes the subsequent remaining space calculation\n> sizeof(buf) - buf_used to underflow.\n>\n> Use sub_non_neg() to see if space actually existed, and only\n> increment the offset if remaning space is present.\n>\n> Changes includes:\n> - Use sub_non_neg to check if space exists\n> - Replacing snprintf with scnprintf to ensure the return value\n> reflects the actual bytes written into the buffer.\n> - Only increment buf_used by 1 if space exists\n> - If a parameterized event uses a built-in perf keyword for its\n> parameter name (eg, config=?), the lexer parses it as a predefined\n> term token, which sets term->config to NULL. Add check to use\n> parse_events__term_type_str() if term->config is NULL.\n>\n> Signed-off-by: Athira Rajeev \n\nReviewed-by: Ian Rogers \n\nThanks,\nIan\n\n> ---\n> Changelog:\n> v2 -> v3:\n> - Split the scnprintf related changes in separate patch\n> - Handle the overflow issues and unconditional increment\n> wrapped around sub_non_neg addressing review comment from Sashiko\n>\n> tools/perf/util/pmu.c | 46 ++++++++++++++++++++++++++++++++-----------\n> 1 file changed, 35 insertions(+), 11 deletions(-)\n>\n> diff --git a/tools/perf/util/pmu.c b/tools/perf/util/pmu.c\n> index 0b8d58543f17..4b9ade1a4cf9 100644\n> --- a/tools/perf/util/pmu.c\n> +++ b/tools/perf/util/pmu.c\n> @@ -2129,15 +2129,19 @@ static char *format_alias(char *buf, int len, const struct perf_pmu *pmu,\n> pr_err(\"Failure to parse '%s' terms '%s': %d\\n\",\n> alias->name, alias->terms, ret);\n> parse_events_terms__exit(&terms);\n> - snprintf(buf, len, \"%.*s/%s/\", (int)pmu_name_len, pmu->name, alias->name);\n> + scnprintf(buf, len, \"%.*s/%s/\", (int)pmu_name_len, pmu->name, alias->name);\n> return buf;\n> }\n> - used = snprintf(buf, len, \"%.*s/%s\", (int)pmu_name_len, pmu->name, alias->name);\n> + used = scnprintf(buf, len, \"%.*s/%s\", (int)pmu_name_len, pmu->name, alias->name);\n>\n> list_for_each_entry(term, &terms.terms, list) {\n> + const char *name = term->config;\n> +\n> + if (!name)\n> + name = parse_events__term_type_str(term->type_term);\n> if (term->type_val == PARSE_EVENTS__TERM_TYPE_STR)\n> - used += snprintf(buf + used, sub_non_neg(len, used),\n> - \",%s=%s\", term->config,\n> + used += scnprintf(buf + used, sub_non_neg(len, used),\n> + \",%s=%s\", name,\n> term->val.str);\n> }\n> parse_events_terms__exit(&terms);\n> @@ -2201,6 +2205,7 @@ int perf_pmu__for_each_event(struct perf_pmu *pmu, bool skip_duplicate_pmus,\n> int ret = 0;\n> struct hashmap_entry *entry;\n> size_t bkt;\n> + size_t size_rem, len;\n>\n> if (perf_pmu__is_tracepoint(pmu))\n> return tp_pmu__for_each_event(pmu, state, cb);\n> @@ -2234,17 +2239,36 @@ int perf_pmu__for_each_event(struct perf_pmu *pmu, bool skip_duplicate_pmus,\n> }\n> buf_used = strlen(buf) + 1;\n> }\n> +\n> info.scale_unit = NULL;\n> if (strlen(event->unit) || event->scale != 1.0) {\n> - info.scale_unit = buf + buf_used;\n> - buf_used += snprintf(buf + buf_used, sizeof(buf) - buf_used,\n> - \"%G%s\", event->scale, event->unit) + 1;\n> + /* Check the remaining space */\n> + size_rem = sub_non_neg(sizeof(buf), buf_used);\n> +\n> + if (size_rem > 0) {\n> + info.scale_unit = buf + buf_used;\n> + len = scnprintf(buf + buf_used, size_rem, \"%G%s\",\n> + event->scale, event->unit);\n> + /*\n> + * Increment buf_used by 1 only if\n> + * it fits remaining space\n> + */\n> + buf_used += min(len + 1, size_rem);\n> + }\n> }\n> info.desc = event->desc;\n> info.long_desc = event->long_desc;\n> - info.encoding_desc = buf + buf_used;\n> - buf_used += snprintf(buf + buf_used, sizeof(buf) - buf_used,\n> - \"%.*s/%s/\", (int)pmu_name_len, info.pmu_name, event->terms) + 1;\n> + info.encoding_desc = NULL;\n> +\n> + /* Check the remaining space */\n> + size_rem = sub_non_neg(sizeof(buf), buf_used);\n> + if (size_rem > 0) {\n> + info.encoding_desc = buf + buf_used;\n> + len = scnprintf(buf + buf_used, size_rem, \"%.*s/%s/\",\n> + (int)pmu_name_len, info.pmu_name, event->terms);\n> + buf_used += min(len + 1, size_rem);\n> + }\n> +\n> info.str = event->terms;\n> info.topic = event->topic;\n> info.deprecated = perf_pmu_alias__check_deprecated(pmu, event);\n> @@ -2254,7 +2278,7 @@ int perf_pmu__for_each_event(struct perf_pmu *pmu, bool skip_duplicate_pmus,\n> }\n> if (pmu->selectable) {\n> info.name = buf;\n> - snprintf(buf, sizeof(buf), \"%s//\", pmu->name);\n> + scnprintf(buf, sizeof(buf), \"%s//\", pmu->name);\n> info.alias = NULL;\n> info.scale_unit = NULL;\n> info.desc = NULL;\n> --\n> 2.47.3\n>","headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256\n header.s=20251104 header.b=Qb1i9JEx;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org\n (client-ip=2404:9400:21b9:f100::1; helo=lists.ozlabs.org;\n envelope-from=linuxppc-dev+bounces-20799-incoming=patchwork.ozlabs.org@lists.ozlabs.org;\n receiver=patchwork.ozlabs.org)","lists.ozlabs.org;\n arc=pass smtp.remote-ip=\"2607:f8b0:4864:20::1229\" arc.chain=google.com","lists.ozlabs.org;\n dmarc=pass (p=reject dis=none) header.from=google.com","lists.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256\n header.s=20251104 header.b=Qb1i9JEx;\n\tdkim-atps=neutral","lists.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=google.com\n (client-ip=2607:f8b0:4864:20::1229; helo=mail-dl1-x1229.google.com;\n envelope-from=irogers@google.com; receiver=lists.ozlabs.org)"],"Received":["from lists.ozlabs.org (lists.ozlabs.org\n [IPv6:2404:9400:21b9:f100::1])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1 raw public key)\n server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gFZvl1jLyz1yKH\n\tfor ; Wed, 13 May 2026 11:03:14 +1000 (AEST)","from boromir.ozlabs.org (localhost [127.0.0.1])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 4gFZvk1yHjz2xsW;\n\tWed, 13 May 2026 11:03:14 +1000 (AEST)","from mail-dl1-x1229.google.com (mail-dl1-x1229.google.com\n [IPv6:2607:f8b0:4864:20::1229])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 4gFZvh6Tb8z2xpt\n\tfor ; Wed, 13 May 2026 11:03:12 +1000 (AEST)","by mail-dl1-x1229.google.com with SMTP id\n a92af1059eb24-133362c30cfso28c88.0\n for ;\n Tue, 12 May 2026 18:03:12 -0700 (PDT)"],"ARC-Seal":["i=2; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1778634194;\n\tcv=pass;\n b=DlRVzHFqCHG915P9XdzF//rxHXCan8djRuq1rqxrZN1X5RDOG22yb1MtlRvPWozmVwgGqdmMV/lWkDCuX6KHbqLwsR8vlLhHygiXa6yFcaDZm3cYBxBK7qSHk7x5R1A6o5jlGZG2TB7zVfpSEfYIwdqfAlUjekUWkufVq+vp8SHsk0ldJ3M7H2bEtWBaSRf/fwtkO8RPySQmSuTf6lYFsjNxjvjAFc25B9qBi4aai5wbMmSqzxVYXryXM7B3ae4x56DQzEwDWHIzbEu/sHUVul+4yPGMZfhM4ho0pRoaYGf0/rTiBUQIW3ZIVdGkS9Rrv7EMQWOTU8D12pyp2on+7Q==","i=1; a=rsa-sha256; t=1778634190; cv=none;\n d=google.com; s=arc-20240605;\n b=YlCua+n5uIwFju9GMyzNsfNihOvwVUTIzJvlJNsnNAulGPk9eEg0O2nPSpzl4/8nbF\n ++TZvm0Cqo1O020pbC1ZjYrARX6OpFVL70qE407HmuJzDq7BVd7YCQKJGCh961h/HLfe\n a7Lz3a7vzdpoYqEXeL5cKloCZTq4AsNAzsP7b7n+H5pgDNAHIrLJ0HIWHecHfKSC3m74\n wroEs6mttIuS1I+di22IjYcuQCro8A/FhIGqyIVJ3lnGnnwN/TzUgY36xp9oU62MDuBT\n YMxjf7J2O/OSB1uDeNfCl3CL24GgUq0Nc00eVob/ExeJCrCnGy3vuUHsC85UC96QBJd5\n nxdw=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; d=lists.ozlabs.org; s=201707;\n\tt=1778634194; c=relaxed/relaxed;\n\tbh=ulhWHKpmSnD058yAqu2u4kJ2BZiEp2EGH+nr0nLUtAM=;\n\th=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:\n\t To:Cc:Content-Type;\n b=aF/fUGSI5qiCA0X2gTRT5x3nFhgpbxcWzigNjXEyYpHBnwGwXSdXsj1S0AZGuvNK1XtZSpXVD7KgTMYkPzH4vEOsopgJnuhrvu5GSxKuSx7B0HELt/w1/ZawgzykGXTQOKPztu/BWgdygtXn55/dPMJf84IWxA6eCQBTRaREzvzAqGr3OaCW5CEv723xIakPRXu8ZpP1ZIntsvwnYk+jedMwORO0MAP0zS6wpmhh7SQkAWXfrOlXvPqG9NPYwUWuJfe5Sp/Hgk8kV2LOtfNbwb0bASBMKCsr4YbPGR2B00zK0WH1qSFtDAKKlnoiUSfY+kMnBgDmN/fDRxmlbf2HCA==","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:dkim-signature;\n bh=ulhWHKpmSnD058yAqu2u4kJ2BZiEp2EGH+nr0nLUtAM=;\n fh=uj4xV6Uk7yJTErKpdbOxaNztUDcp2NtNYANM1RQ32I0=;\n b=UJLyeioIkSEZcl2aipMtNJ7DaR5temlRwd1eGPK/DFZZcjA4hV27jweC5HTpjC8tT/\n RfgxgNVi/LDz/2T4xadldG2NFhDnXZG6tu0OpN3AjAAXoZGSyO0Ij/LjZBHEm2Xxh2cX\n xp9JnnJZtJQKqLZgrxxmhbTMG8gGXgvxCHjIFHJFpTzWj/BDLodWlMNAZ2mkqQH9Ao6a\n qH1LnoiqI53NRdo80y8tnFtKu/Jp6ccVLkwCPrmMfEsZXFChMbSSnpr6P422ThWjDs+k\n 4+ExWvLssrFj8Jipqh/VdidFujaD7kxfycPc1ygwoVZyc/wIXFrvshlFwzrsNgChFtlS\n MfWA==;\n darn=lists.ozlabs.org"],"ARC-Authentication-Results":["i=2; lists.ozlabs.org;\n dmarc=pass (p=reject dis=none) header.from=google.com;\n dkim=pass (2048-bit key;\n unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256\n header.s=20251104 header.b=Qb1i9JEx; dkim-atps=neutral;\n spf=pass (client-ip=2607:f8b0:4864:20::1229; helo=mail-dl1-x1229.google.com;\n envelope-from=irogers@google.com;\n receiver=lists.ozlabs.org) smtp.mailfrom=google.com","i=1; mx.google.com; arc=none"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=google.com; s=20251104; t=1778634190; x=1779238990;\n darn=lists.ozlabs.org;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:from:to:cc:subject:date\n :message-id:reply-to;\n bh=ulhWHKpmSnD058yAqu2u4kJ2BZiEp2EGH+nr0nLUtAM=;\n b=Qb1i9JExvyvFbYpBAE97GtCGBaS0x0qmuL9kDq0mTkZAcxCrD6uegD1JjImYQDUdxZ\n hmcNHePmhOW8fhPGe4Kd74fTbvTzovbHkhbE3FdAj+3XO0Fq+5XqBWiAVA2OQr/c434n\n RTwqsBYnH6oBBNs4wnx46IF+hT6gIKpLOm4QI1T38a03Et8h+OfIXK9DDF8SxjpMaKLx\n bBQVnH3dzKH40X2bTGaVHNRvXfiSTvdlK1q757IqcANMDlDXP9VHTGNTEJNDp5YpEg+L\n F3/yTWN+V6P3xMaFLhnyhwxpkTqqUbivDO9kP+BVhC9Ofj3Rl3SwlMWIn9kKIwfgX402\n 2lqQ==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1778634190; x=1779238990;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=ulhWHKpmSnD058yAqu2u4kJ2BZiEp2EGH+nr0nLUtAM=;\n b=TshK+DClazVDda4RvofUGZwNnM4Qzx1FTvSZEFoAIL3seSHwXZriJ1lzGJa9ANTi6Y\n KIoxAqTm7LHZD/ZRGRC4UtuHbzush4QJxACjpU3Qw07JbBiE9gK1jnsrgd/VdhSWdRv1\n fgzp/FVGEqeASmHXAVfny730S/geDTYa0ghYfgyNbGzPLHkOjKyunoUV1CPXTLNdEGCb\n Wzj8V13OiBTK8EZK6aNH/R6vdlqs2lDfyxfDVZhorhc1n1gH9AeixMxWZj134x0l0E0M\n UKJyMFAth0g2vz6zCvaE0S0L6ItrpNQRhr6x7AHdZgAUfq8y5eCfGVtGQ7663oIMiCj9\n E3Ng==","X-Forwarded-Encrypted":"i=1;\n AFNElJ8B8fKk9I6CtSkXvv0dR0Cw1xRxpgO9zUResBv8zOc8yMexGMcZnASIbg7EmSVXh5t+Vdkt7BYoeHYzubA=@lists.ozlabs.org","X-Gm-Message-State":"AOJu0YypSlAPVawF79J8C6HiWbhY6bjJRNkyoE5V7OgpxsIYW3zm6+tx\n\tNJhZrhxRErcr4jkGsCBJx3P8deRdaOsEWaXq59oWYyLa7CU4OxjBEYioMoTF4epbW3vexBiHFPu\n\t9DbG/1qP8LFZcBvYrPDzIRDW4wHkssJD7tneq5WqL","X-Gm-Gg":"Acq92OGaCQjCZPA+3QgPC8H/DxnBOwpK4nKe9T8DKBflzOs+Ax1rzEqBoT78ptzpcMg\n\tfO2IGmEuTR694Y6m4f9EOzSwlAwfcF2xCLF8wVJ5w6NgOgulGzb/aGY6dLeMzMP2DuxCjFac8Ge\n\tN0j3jtMcTpqdRdYJFPsszEcKOzj2vVEmTxaG1+lAzivqqWZIB1mkt6TKGxvkbz5vY4vOjcleM+j\n\tNx8nQfcBYMrihe1iKiA52CzShjCV1yS7nCKGNTD9FjHVNz7f8iqH1jIpAP3o9toTZnVUhIv3Tv8\n\txBV0jpys9kPRNqv3phQ=","X-Received":"by 2002:a05:7022:785:b0:133:3bc1:bf2e with SMTP id\n a92af1059eb24-13489ba2e12mr62355c88.5.1778634189086; Tue, 12 May 2026\n 18:03:09 -0700 (PDT)","X-Mailing-List":"linuxppc-dev@lists.ozlabs.org","List-Id":"","List-Help":"","List-Owner":"","List-Post":"","List-Archive":",\n ","List-Subscribe":",\n ,\n ","List-Unsubscribe":"","Precedence":"list","MIME-Version":"1.0","References":"<20260504154205.21394-1-atrajeev@linux.ibm.com>\n <20260504154205.21394-2-atrajeev@linux.ibm.com>","In-Reply-To":"<20260504154205.21394-2-atrajeev@linux.ibm.com>","From":"Ian Rogers ","Date":"Tue, 12 May 2026 18:02:55 -0700","X-Gm-Features":"AVHnY4L4IACcJi8qI8F6D66t_-FPiqzis4dycqEsczXQ7zZot14mCrzXc7WlR2Y","Message-ID":"\n ","Subject":"Re: [PATCH V4 2/2] tools/perf: Use scnprintf in buffer offset\n calculations","To":"Athira Rajeev ","Cc":"acme@kernel.org, jolsa@kernel.org, adrian.hunter@intel.com,\n\tmpetlan@redhat.com, tmricht@linux.ibm.com, maddy@linux.ibm.com,\n\tnamhyung@kernel.org, linux-perf-users@vger.kernel.org,\n\tlinuxppc-dev@lists.ozlabs.org, hbathini@linux.vnet.ibm.com,\n\tTejas.Manhas1@ibm.com, Tanushree.Shah@ibm.com, shivani@linux.ibm.com","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Transfer-Encoding":"quoted-printable","X-Spam-Status":"No, score=-15.7 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,\n\tDKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,ENV_AND_HDR_SPF_MATCH,\n\tRCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL,\n\tUSER_IN_DEF_SPF_WL autolearn=disabled version=4.0.1 OzLabs 8","X-Spam-Checker-Version":"SpamAssassin 4.0.1 (2024-03-25) on lists.ozlabs.org"}}]