From d8bd9e0aedabcb47887712497bc386a06ddcbd12 Mon Sep 17 00:00:00 2001
From: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Date: Mon, 7 Dec 2009 12:06:29 +0800
Subject: perf_event: Fix raw event processing

We use 'data.raw_data' parameter to call process_raw_event(),
but data.raw_data buffer not include data size. it can make perf
tool crash.

This bug was introduced by commit 180f95e29a ("perf: Make common
SAMPLE_EVENT parser").

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Li Zefan <lizf@cn.fujitsu.com>
LKML-Reference: <4B1C7F45.5080105@cn.fujitsu.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
---
 tools/perf/builtin-kmem.c  | 11 ++++++++---
 tools/perf/builtin-sched.c | 11 ++++++++---
 2 files changed, 16 insertions(+), 6 deletions(-)

(limited to 'tools')

diff --git a/tools/perf/builtin-kmem.c b/tools/perf/builtin-kmem.c
index f218990de0c..f84d7a3db68 100644
--- a/tools/perf/builtin-kmem.c
+++ b/tools/perf/builtin-kmem.c
@@ -289,13 +289,17 @@ static void process_free_event(struct raw_event_sample *raw,
 }
 
 static void
-process_raw_event(event_t *raw_event __used, void *more_data,
+process_raw_event(event_t *raw_event __used, u32 size, void *data,
 		  int cpu, u64 timestamp, struct thread *thread)
 {
-	struct raw_event_sample *raw = more_data;
+	struct raw_event_sample *raw;
 	struct event *event;
 	int type;
 
+	raw = malloc_or_die(sizeof(*raw)+size);
+	raw->size = size;
+	memcpy(raw->data, data, size);
+
 	type = trace_parse_common_type(raw->data);
 	event = trace_find_event(type);
 
@@ -345,7 +349,8 @@ static int process_sample_event(event_t *event)
 
 	dump_printf(" ... thread: %s:%d\n", thread->comm, thread->pid);
 
-	process_raw_event(event, data.raw_data, data.cpu, data.time, thread);
+	process_raw_event(event, data.raw_size, data.raw_data, data.cpu,
+			  data.time, thread);
 
 	return 0;
 }
diff --git a/tools/perf/builtin-sched.c b/tools/perf/builtin-sched.c
index 7481ebdb17e..4655e16b929 100644
--- a/tools/perf/builtin-sched.c
+++ b/tools/perf/builtin-sched.c
@@ -1570,13 +1570,17 @@ process_sched_migrate_task_event(struct raw_event_sample *raw,
 }
 
 static void
-process_raw_event(event_t *raw_event __used, void *more_data,
+process_raw_event(event_t *raw_event __used, u32 size, void *data,
 		  int cpu, u64 timestamp, struct thread *thread)
 {
-	struct raw_event_sample *raw = more_data;
+	struct raw_event_sample *raw;
 	struct event *event;
 	int type;
 
+	raw = malloc_or_die(sizeof(*raw)+size);
+	raw->size = size;
+	memcpy(raw->data, data, size);
+
 	type = trace_parse_common_type(raw->data);
 	event = trace_find_event(type);
 
@@ -1629,7 +1633,8 @@ static int process_sample_event(event_t *event)
 	if (profile_cpu != -1 && profile_cpu != (int)data.cpu)
 		return 0;
 
-	process_raw_event(event, data.raw_data, data.cpu, data.time, thread);
+	process_raw_event(event, data.raw_size, data.raw_data, data.cpu,
+			  data.time, thread);
 
 	return 0;
 }
-- 
cgit v1.2.3