]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
perf tools: Use scnprintf() in cpu_map__snprint() to prevent overflow
authorArnaldo Carvalho de Melo <acme@redhat.com>
Sat, 6 Jun 2026 23:43:52 +0000 (20:43 -0300)
committerArnaldo Carvalho de Melo <acme@redhat.com>
Wed, 10 Jun 2026 14:38:45 +0000 (11:38 -0300)
commit7953a3a9b8e02e98c6e6958f291d0ae22393e46a
tree0611d70f4a00d888ac004c61220116cea303e1ba
parent0a012113bb3a44482c163f16f4db03ccaa37a339
perf tools: Use scnprintf() in cpu_map__snprint() to prevent overflow

cpu_map__snprint() accumulates snprintf() return values in ret.
snprintf() returns the number of characters that *would have been
written* on truncation, not the actual count.  When a fragmented CPU
list exceeds the buffer, ret grows past size, causing `size - ret` to
underflow (both are size_t), and subsequent snprintf() calls write
past the end of the caller's stack buffer.

Switch to scnprintf() which returns the actual number of characters
written, making ret accumulation safe by construction.

Fixes: a24020e6b7cf6eb8 ("perf tools: Change cpu_map__fprintf output")
Reported-by: sashiko-bot <sashiko-bot@kernel.org>
Reviewed-by: Ian Rogers <irogers@google.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Ian Rogers <irogers@google.com>
Assisted-by: Claude:claude-opus-4.6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
tools/perf/util/cpumap.c