1. Patchew
  2. linux
  3. [PATCH 0/3] Some build fixes
  4. View patch

[PATCH 3/3] perf hist stdio: Do bounds check when printing callchains to avoid UB with new gcc versions

Arnaldo Carvalho de Melo posted 3 patches 11 months ago
[PATCH 3/3] perf hist stdio: Do bounds check when printing callchains to avoid UB with new gcc versions
Posted by Arnaldo Carvalho de Melo 11 months ago 
From: Arnaldo Carvalho de Melo <acme@redhat.com>

Do a simple bounds check to avoid this on new gcc versions:

  31    15.81 fedora:rawhide                : FAIL gcc version 15.0.1 20250225 (Red Hat 15.0.1-0) (GCC)
    In function 'callchain__fprintf_left_margin',
        inlined from 'callchain__fprintf_graph.constprop' at ui/stdio/hist.c:246:12:
    ui/stdio/hist.c:27:39: error: iteration 2147483647 invokes undefined behavior [-Werror=aggressive-loop-optimizations]
       27 |         for (i = 0; i < left_margin; i++)
          |                                      ~^~
    ui/stdio/hist.c:27:23: note: within this loop
       27 |         for (i = 0; i < left_margin; i++)
          |                     ~~^~~~~~~~~~~~~
    cc1: all warnings being treated as errors
    --
    util/units.c: In function 'unit_number__scnprintf':
    util/units.c:67:24: error: initializer-string for array of 'char' is too long [-Werror=unterminated-string-initialization]
       67 |         char unit[4] = "BKMG";
          |                        ^~~~~~
    cc1: all warnings being treated as errors

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: James Clark <james.clark@linaro.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
 tools/perf/ui/stdio/hist.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/perf/ui/stdio/hist.c b/tools/perf/ui/stdio/hist.c
index 74b2c619c56c8ba3..7ac4b98e28bca82e 100644
--- a/tools/perf/ui/stdio/hist.c
+++ b/tools/perf/ui/stdio/hist.c
@@ -1,4 +1,5 @@
 // SPDX-License-Identifier: GPL-2.0
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <linux/string.h>
@@ -24,6 +25,9 @@ static size_t callchain__fprintf_left_margin(FILE *fp, int left_margin)
 	int i;
 	int ret = fprintf(fp, "            ");
 
+	if (left_margin > USHRT_MAX)
+		left_margin = USHRT_MAX;
+
 	for (i = 0; i < left_margin; i++)
 		ret += fprintf(fp, " ");
 
-- 
2.48.1
Re: [PATCH 3/3] perf hist stdio: Do bounds check when printing callchains to avoid UB with new gcc versions
Posted by Namhyung Kim 11 months ago 
On Mon, Mar 10, 2025 at 04:45:33PM -0300, Arnaldo Carvalho de Melo wrote:
> From: Arnaldo Carvalho de Melo <acme@redhat.com>
> 
> Do a simple bounds check to avoid this on new gcc versions:
> 
>   31    15.81 fedora:rawhide                : FAIL gcc version 15.0.1 20250225 (Red Hat 15.0.1-0) (GCC)
>     In function 'callchain__fprintf_left_margin',
>         inlined from 'callchain__fprintf_graph.constprop' at ui/stdio/hist.c:246:12:
>     ui/stdio/hist.c:27:39: error: iteration 2147483647 invokes undefined behavior [-Werror=aggressive-loop-optimizations]

Hmm.. does it warn about a signed integer overflow?

2147483647 is 0x7fffffff in hex and it should be INT_MAX.
I'm not sure what is the problem.


>        27 |         for (i = 0; i < left_margin; i++)
>           |                                      ~^~
>     ui/stdio/hist.c:27:23: note: within this loop
>        27 |         for (i = 0; i < left_margin; i++)
>           |                     ~~^~~~~~~~~~~~~
>     cc1: all warnings being treated as errors
>     --
>     util/units.c: In function 'unit_number__scnprintf':
>     util/units.c:67:24: error: initializer-string for array of 'char' is too long [-Werror=unterminated-string-initialization]
>        67 |         char unit[4] = "BKMG";
>           |                        ^~~~~~
>     cc1: all warnings being treated as errors

This part belongs to the previous commit. :)

> 
> Cc: Adrian Hunter <adrian.hunter@intel.com>
> Cc: Ian Rogers <irogers@google.com>
> Cc: James Clark <james.clark@linaro.org>
> Cc: Jiri Olsa <jolsa@kernel.org>
> Cc: Kan Liang <kan.liang@linux.intel.com>
> Cc: Namhyung Kim <namhyung@kernel.org>
> Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
> ---
>  tools/perf/ui/stdio/hist.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/tools/perf/ui/stdio/hist.c b/tools/perf/ui/stdio/hist.c
> index 74b2c619c56c8ba3..7ac4b98e28bca82e 100644
> --- a/tools/perf/ui/stdio/hist.c
> +++ b/tools/perf/ui/stdio/hist.c
> @@ -1,4 +1,5 @@
>  // SPDX-License-Identifier: GPL-2.0
> +#include <limits.h>
>  #include <stdio.h>
>  #include <stdlib.h>
>  #include <linux/string.h>
> @@ -24,6 +25,9 @@ static size_t callchain__fprintf_left_margin(FILE *fp, int left_margin)
>  	int i;
>  	int ret = fprintf(fp, "            ");
>  
> +	if (left_margin > USHRT_MAX)
> +		left_margin = USHRT_MAX;
> +
>  	for (i = 0; i < left_margin; i++)
>  		ret += fprintf(fp, " ");
>  
> -- 
> 2.48.1
>
Re: [PATCH 3/3] perf hist stdio: Do bounds check when printing callchains to avoid UB with new gcc versions
Posted by Namhyung Kim 11 months ago 
On Mon, Mar 10, 2025 at 02:55:52PM -0700, Namhyung Kim wrote:
> On Mon, Mar 10, 2025 at 04:45:33PM -0300, Arnaldo Carvalho de Melo wrote:
> > From: Arnaldo Carvalho de Melo <acme@redhat.com>
> > 
> > Do a simple bounds check to avoid this on new gcc versions:
> > 
> >   31    15.81 fedora:rawhide                : FAIL gcc version 15.0.1 20250225 (Red Hat 15.0.1-0) (GCC)
> >     In function 'callchain__fprintf_left_margin',
> >         inlined from 'callchain__fprintf_graph.constprop' at ui/stdio/hist.c:246:12:
> >     ui/stdio/hist.c:27:39: error: iteration 2147483647 invokes undefined behavior [-Werror=aggressive-loop-optimizations]
> 
> Hmm.. does it warn about a signed integer overflow?
> 
> 2147483647 is 0x7fffffff in hex and it should be INT_MAX.
> I'm not sure what is the problem.

Maybe the aggressive loop optimization can unroll the loop more than the
INT_MAX...?  Anyway the fix is simple and makes sense.

> 
> 
> >        27 |         for (i = 0; i < left_margin; i++)
> >           |                                      ~^~
> >     ui/stdio/hist.c:27:23: note: within this loop
> >        27 |         for (i = 0; i < left_margin; i++)
> >           |                     ~~^~~~~~~~~~~~~
> >     cc1: all warnings being treated as errors
> >     --
> >     util/units.c: In function 'unit_number__scnprintf':
> >     util/units.c:67:24: error: initializer-string for array of 'char' is too long [-Werror=unterminated-string-initialization]
> >        67 |         char unit[4] = "BKMG";
> >           |                        ^~~~~~
> >     cc1: all warnings being treated as errors
> 
> This part belongs to the previous commit. :)

I'll drop this part.

Thanks,
Namhyung

> 
> > 
> > Cc: Adrian Hunter <adrian.hunter@intel.com>
> > Cc: Ian Rogers <irogers@google.com>
> > Cc: James Clark <james.clark@linaro.org>
> > Cc: Jiri Olsa <jolsa@kernel.org>
> > Cc: Kan Liang <kan.liang@linux.intel.com>
> > Cc: Namhyung Kim <namhyung@kernel.org>
> > Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
> > ---
> >  tools/perf/ui/stdio/hist.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/tools/perf/ui/stdio/hist.c b/tools/perf/ui/stdio/hist.c
> > index 74b2c619c56c8ba3..7ac4b98e28bca82e 100644
> > --- a/tools/perf/ui/stdio/hist.c
> > +++ b/tools/perf/ui/stdio/hist.c
> > @@ -1,4 +1,5 @@
> >  // SPDX-License-Identifier: GPL-2.0
> > +#include <limits.h>
> >  #include <stdio.h>
> >  #include <stdlib.h>
> >  #include <linux/string.h>
> > @@ -24,6 +25,9 @@ static size_t callchain__fprintf_left_margin(FILE *fp, int left_margin)
> >  	int i;
> >  	int ret = fprintf(fp, "            ");
> >  
> > +	if (left_margin > USHRT_MAX)
> > +		left_margin = USHRT_MAX;
> > +
> >  	for (i = 0; i < left_margin; i++)
> >  		ret += fprintf(fp, " ");
> >  
> > -- 
> > 2.48.1
> >

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.