From: Arnaldo Carvalho de Melo Date: Mon, 8 Jun 2026 11:10:43 +0000 (-0300) Subject: perf bpf: Add NULL check for btf__type_by_id() in synthesize_bpf_prog_name() X-Git-Url: http://git.ipfire.org/index.cgi?a=commitdiff_plain;h=903b0526dcf86d030c5970b4b0a67f9c227368e2;p=thirdparty%2Fkernel%2Flinux.git perf bpf: Add NULL check for btf__type_by_id() in synthesize_bpf_prog_name() synthesize_bpf_prog_name() calls btf__type_by_id() and immediately dereferences the result via t->name_off without checking for NULL. btf__type_by_id() returns NULL when the type_id is invalid or out of range. When processing perf.data files, finfo->type_id comes from untrusted input, so an invalid ID causes a NULL pointer dereference. Fix by checking t for NULL before dereferencing. Reported-by: sashiko-bot Fixes: fc462ac75b36daaa ("perf bpf: Extract logic to create program names from perf_event__synthesize_one_bpf_prog()") Cc: Song Liu Assisted-by: Claude:claude-opus-4.6 Signed-off-by: Arnaldo Carvalho de Melo --- diff --git a/tools/perf/util/bpf-event.c b/tools/perf/util/bpf-event.c index 2c09842469f1f..fe01551dc3e6c 100644 --- a/tools/perf/util/bpf-event.c +++ b/tools/perf/util/bpf-event.c @@ -146,7 +146,8 @@ static int synthesize_bpf_prog_name(char *buf, int size, if (btf) { finfo = func_infos + sub_id * info->func_info_rec_size; t = btf__type_by_id(btf, finfo->type_id); - short_name = btf__name_by_offset(btf, t->name_off); + if (t) + short_name = btf__name_by_offset(btf, t->name_off); } else if (sub_id == 0 && sub_prog_cnt == 1) { /* no subprog */ if (info->name[0])