From: Arnaldo Carvalho de Melo <acme@redhat.com>
Date: Mon, 8 Jun 2026 10:04:25 +0000 (-0300)
Subject: perf tools: Use snprintf() in dso__read_running_kernel_build_id()
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=2ea64782a428bed74f595961e651ceb8c4c5bf22;p=thirdparty%2Fkernel%2Flinux.git

perf tools: Use snprintf() in dso__read_running_kernel_build_id()

dso__read_running_kernel_build_id() uses sprintf() to format a sysfs
path from machine->root_dir into a PATH_MAX buffer.  If root_dir is
close to PATH_MAX in length, appending "/sys/kernel/notes" (18 bytes)
overflows the stack buffer.

Switch to snprintf() with sizeof(path) to prevent the overflow.

Reported-by: sashiko-bot <sashiko-bot@kernel.org>
Fixes: cdd059d731eeb466 ("perf tools: Move dso_* related functions into dso object")
Cc: Jiri Olsa <jolsa@kernel.org>
Assisted-by: Claude:claude-opus-4.6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---

diff --git a/tools/perf/util/dso.c b/tools/perf/util/dso.c
index 6a34717c9f31f..5d01797587381 100644
--- a/tools/perf/util/dso.c
+++ b/tools/perf/util/dso.c
@@ -1779,7 +1779,7 @@ void dso__read_running_kernel_build_id(struct dso *dso, struct machine *machine)
 
 	if (machine__is_default_guest(machine))
 		return;
-	sprintf(path, "%s/sys/kernel/notes", machine->root_dir);
+	snprintf(path, sizeof(path), "%s/sys/kernel/notes", machine->root_dir);
 	sysfs__read_build_id(path, &bid);
 	dso__set_build_id(dso, &bid);
 }