perf symbols: Fix bswap copy-paste error for 32-bit ELF p_filesz

filename__read_build_id() byte-swaps 32-bit ELF program headers on
cross-endian files, but line 178 passes p_offset to bswap_32() instead
of p_filesz:

  hdrs.phdr32[i].p_filesz = bswap_32(hdrs.phdr32[i].p_offset);

This clobbers p_filesz with the already-swapped p_offset value.  The
64-bit path on line 182 is correct and swaps p_filesz from p_filesz.

The consequence is that the PT_NOTE segment read uses the wrong size,
which can cause either a short read (missing the build-id) or an
oversized read (reading past the segment into adjacent data).

Fix by swapping the correct field.

Reported-by: sashiko-bot <sashiko-bot@kernel.org>
Fixes: fef8f648bb47726d ("perf symbol: Fix use-after-free in filename__read_build_id")
Reviewed-by: Ian Rogers <irogers@google.com>
Cc: Ian Rogers <irogers@google.com>
Assisted-by: Claude:claude-opus-4.6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

diff --git a/tools/perf/util/symbol-minimal.c b/tools/perf/util/symbol-minimal.c
index 091071d06416e290f459e12806d7537a9ce7a101..f4b0a711a62cf3def59f2fb9f781edec8dfb4e0d 100644 (file)
--- a/tools/perf/util/symbol-minimal.c
+++ b/tools/perf/util/symbol-minimal.c
@@ -175,7 +175,7 @@ int filename__read_build_id(const char *filename, struct build_id *bid)
                        if (elf32) {
                                hdrs.phdr32[i].p_type = bswap_32(hdrs.phdr32[i].p_type);
                                hdrs.phdr32[i].p_offset = bswap_32(hdrs.phdr32[i].p_offset);
-                               hdrs.phdr32[i].p_filesz = bswap_32(hdrs.phdr32[i].p_offset);
+                               hdrs.phdr32[i].p_filesz = bswap_32(hdrs.phdr32[i].p_filesz);
                        } else {
                                hdrs.phdr64[i].p_type = bswap_32(hdrs.phdr64[i].p_type);
                                hdrs.phdr64[i].p_offset = bswap_64(hdrs.phdr64[i].p_offset);