On Tue, May 23, 2017 at 12:48:53AM -0700, David Carrillo-Cisneros wrote:
SNIP
> +int perf_event__synthesize_features(struct perf_tool *tool,
> + struct perf_session *session,
> + struct perf_evlist *evlist,
> + perf_event__handler_t process)
> +{
> + struct perf_header *header = &session->header;
> + struct feat_fd fdd;
> + struct feature_event *fe;
> + size_t sz, sz_hdr;
> + int feat, ret;
> +
> + sz_hdr = sizeof(fe->header);
> + sz = sizeof(union perf_event);
> + /* get a nice alignment */
> + sz = PERF_ALIGN(sz, getpagesize());
> +
> + memset(&fdd, 0, sizeof(fdd));
> +
> + fdd.buf = malloc(sz);
> + if (!fdd.buf)
> + return -ENOMEM;
> +
> + fdd.size = sz - sz_hdr;
> +
> + for_each_set_bit(feat, header->adds_features, HEADER_FEAT_BITS) {
> + if (!feat_ops[feat].has_record) {
> + pr_debug("No record header feature for header :%d\n",
> feat);
> + continue;
> + }
> +
> + fdd.offset = sizeof(*fe);
> +
> + ret = feat_ops[feat].write(&fdd, evlist);
> + if (ret || fdd.offset <= (ssize_t)sizeof(*fe)) {
> + pr_debug("Error writing feature\n");
> + continue;
> + }
> +
> + /* fdd.buf may have changed due to realloc in do_write() */
right, so how's ensured the data never cross the maximum event size (0xffff) ?
I think do_write should have some check on that
jirka
