[PATCH] perf data convert: Output empty string for null pointer

kotborealis@awooo.ru posted 1 patch 1 year, 10 months ago
tools/perf/util/data-convert-json.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] perf data convert: Output empty string for null pointer
Posted by kotborealis@awooo.ru 1 year, 10 months ago
From: Evgeny Pistun <kotborealis@awooo.ru>

Providing ill-formed input to `perf data convert --to-json`
causes it to crash with a segmentation fault. There's a bug in the
`output_json_string` function: the input string is not validated.
This could be reproduced by crafting input that does not specify
hostname/os-release/etc, which are written to 'headers' section of
outputted json.

This patch adds a null pointer check. If `output_json_string` is
called with a null pointer, it should output empty string (`""`).

Signed-off-by: Evgeny Pistun <kotborealis@awooo.ru>
---
 tools/perf/util/data-convert-json.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/data-convert-json.c b/tools/perf/util/data-convert-json.c
index 5bb3c2ba9..f8fd22bd7 100644
--- a/tools/perf/util/data-convert-json.c
+++ b/tools/perf/util/data-convert-json.c
@@ -42,7 +42,7 @@ struct convert_json {
 static void output_json_string(FILE *out, const char *s)
 {
 	fputc('"', out);
-	while (*s) {
+	while (s != NULL && *s) {
 		switch (*s) {
 
 		// required escapes with special forms as per RFC 8259
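Review bot: the NULL test at `while (s != NULL && *s)` is placed in the loop condition, so it is evaluated for every character although it describes a property of the argument on entry. A guard ahead of the loop, for example `if (!s) s = "";` followed by the unchanged `while (*s) {`, states the intent once and leaves the escaping loop as it was. The function also has no comment saying that a NULL argument is accepted and written as `""`; a one-line comment above `output_json_string` would document that for callers.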
-- 
2.25.1
Re: [PATCH] perf data convert: Output empty string for null pointer
Posted by Ian Rogers 1 year, 10 months ago
On Thu, Jan 25, 2024 at 10:44 AM <kotborealis@awooo.ru> wrote:
>
> From: Evgeny Pistun <kotborealis@awooo.ru>
>
> Providing ill-formed input to `perf data convert --to-json`
> causes it to crash with a segmentation fault. There's a bug in the
> `output_json_string` function: the input string is not validated.
> This could be reproduced by crafting input that does not specify
> hostname/os-release/etc, which are written to 'headers' section of
> outputted json.
>
> This patch adds a null pointer check. If `output_json_string` is
> called with a null pointer, it should output empty string (`""`).
>
> Signed-off-by: Evgeny Pistun <kotborealis@awooo.ru>

Reviewed-by: Ian Rogers <irogers@google.com>

Thanks,
Ian

> ---
>  tools/perf/util/data-convert-json.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/data-convert-json.c b/tools/perf/util/data-convert-json.c
> index 5bb3c2ba9..f8fd22bd7 100644
> --- a/tools/perf/util/data-convert-json.c
> +++ b/tools/perf/util/data-convert-json.c
> @@ -42,7 +42,7 @@ struct convert_json {
>  static void output_json_string(FILE *out, const char *s)
>  {
>         fputc('"', out);
> -       while (*s) {
> +       while (s != NULL && *s) {
>                 switch (*s) {
>
>                 // required escapes with special forms as per RFC 8259
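Review bot: with the check living in `output_json_string` at `while (s != NULL && *s)`, a header that is absent from the input (the hostname/os-release case in the commit message) is written as `""`, which a consumer of the JSON cannot tell apart from a header that was present but empty. It is worth deciding whether the code that emits the 'headers' members should skip or flag a missing field, and keeping this check only as a last line of defence against a NULL dereference.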
> --
> 2.25.1
>
Re: [PATCH] perf data convert: Output empty string for null pointer
Posted by Namhyung Kim 1 year, 10 months ago
Hello,

On Thu, Jan 25, 2024 at 12:59 PM Ian Rogers <irogers@google.com> wrote:
>
> On Thu, Jan 25, 2024 at 10:44 AM <kotborealis@awooo.ru> wrote:
> >
> > From: Evgeny Pistun <kotborealis@awooo.ru>
> >
> > Providing ill-formed input to `perf data convert --to-json`
> > causes it to crash with a segmentation fault. There's a bug in the
> > `output_json_string` function: the input string is not validated.
> > This could be reproduced by crafting input that does not specify
> > hostname/os-release/etc, which are written to 'headers' section of
> > outputted json.
> >
> > This patch adds a null pointer check. If `output_json_string` is
> > called with a null pointer, it should output empty string (`""`).
> >
> > Signed-off-by: Evgeny Pistun <kotborealis@awooo.ru>
>
> Reviewed-by: Ian Rogers <irogers@google.com>

I think this is related to this one:

  https://lore.kernel.org/linux-perf-users/20240117215101.77713-1-ilkka@os.amperecomputing.com/

I'm ok with making it robust, but also afraid it might
end up with a broken JSON if something is missing in
{ key: value } format.  IOW we may need to handle it in
a higher layer.

Thanks,
Namhyung
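
One way to read the "handle it in a higher layer" concern above, as an added example that is not perf's code and not part of the thread: the layer that writes each header member omits a member whose value is NULL, comma included, so the object stays well-formed. The names `put_json_string`, `json_member` and `render_headers` are hypothetical, and the escaping is a reduced form written for this sketch.

```c
#include <stdio.h>
#include <string.h>
/* Minimal escaping for this sketch: quote, backslash, control characters. */
static void put_json_string(FILE *out, const char *s)
{
	fputc('"', out);
	for (; *s; s++) {
		if ((unsigned char)*s < 0x20)
			fprintf(out, "\\u%04x", (unsigned char)*s);
		else
			fprintf(out, strchr("\"\\", *s) ? "\\%c" : "%c", *s);
	}
	fputc('"', out);
}

/* Hypothetical helper: a NULL value omits the whole member, comma included. */
static void json_member(FILE *out, int *members, const char *key, const char *value)
{
	if (value == NULL)
		return;
	if ((*members)++ > 0)
		fputc(',', out);
	put_json_string(out, key);
	fputc(':', out);
	put_json_string(out, value);
}

/* Renders the header object into buf (len >= 1); returns members written, -1 on error. */
static int render_headers(char *buf, size_t len, const char *host, const char *os)
{
	FILE *out = tmpfile();
	int members = 0;
	if (out == NULL)
		return -1;
	fputc('{', out);
	json_member(out, &members, "hostname", host);
	json_member(out, &members, "os-release", os);
	fputc('}', out);
	rewind(out);
	buf[fread(buf, 1, len - 1, out)] = '\0';
	fclose(out);
	return members;
}

int main(void)
{
	char buf[128];	/* constructed input below: hostname missing */
	return render_headers(buf, sizeof(buf), NULL, "6.5.0") < 0 || puts(buf) < 0;
}
```

The return value lets the caller decide whether a header object with fewer members than expected is acceptable or should be reported as malformed input.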