perf tools: Use snprintf() in dso__read_running_kernel_build_id()

dso__read_running_kernel_build_id() uses sprintf() to format a sysfs
path from machine->root_dir into a PATH_MAX buffer.  If root_dir is
close to PATH_MAX in length, appending "/sys/kernel/notes" (18 bytes)
overflows the stack buffer.

Switch to snprintf() with sizeof(path) to prevent the overflow.

Reported-by: sashiko-bot <sashiko-bot@kernel.org>
Fixes: cdd059d731eeb466 ("perf tools: Move dso_* related functions into dso object")
Cc: Jiri Olsa <jolsa@kernel.org>
Assisted-by: Claude:claude-opus-4.6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

diff --git a/tools/perf/util/dso.c b/tools/perf/util/dso.c
index 6a34717c9f31f18d60c1d7ced50a1b89d3233758..5d017975873817ecfdbc4e966bbca63f214327dc 100644 (file)
--- a/tools/perf/util/dso.c
+++ b/tools/perf/util/dso.c
@@ -1779,7 +1779,7 @@ void dso__read_running_kernel_build_id(struct dso *dso, struct machine *machine)
 
        if (machine__is_default_guest(machine))
                return;
-       sprintf(path, "%s/sys/kernel/notes", machine->root_dir);
+       snprintf(path, sizeof(path), "%s/sys/kernel/notes", machine->root_dir);
        sysfs__read_build_id(path, &bid);
        dso__set_build_id(dso, &bid);
 }