On Tue, Jun 13, 2017 at 11:54 AM, Jiri Olsa <[email protected]> wrote: > On Mon, Jun 12, 2017 at 09:29:31PM -0700, David Carrillo-Cisneros wrote: > > SNIP > >> >> void perf_event__print_totals(void); >> diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c >> index ddfaf157913d..6f6a54c15cb0 100644 >> --- a/tools/perf/util/header.c >> +++ b/tools/perf/util/header.c >> @@ -34,6 +34,7 @@ >> #include "data.h" >> #include <api/fs/fs.h> >> #include "asm/bug.h" >> +#include "tool.h" >> >> #include "sane_ctype.h" >> >> @@ -97,11 +98,14 @@ static int __do_write_buf(struct feat_fd *ff, const >> void *buf, size_t size) >> >> retry: >> if (size > (ff->size - ff->offset)) { >> - addr = realloc(ff->buf, ff->size << 1); >> + size = ff->size << 1; >> + if (size > page_size) > > event size could be 0xffff - sizeof(struct perf_event_header) > also the initial size is most likely > page_size anyway > > please put this into the patch that introduced __do_write_buf >
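
Review bot: in the second header.c hunk (the `retry:` block of `__do_write_buf`), the added `size = ff->size << 1;` overwrites the `size` parameter, which is the number of bytes the caller asked to write and the value the preceding `if (size > (ff->size - ff->offset))` test depends on. Once it is reassigned, the requested length is lost for the rest of the function, including any pass back through `retry:`. Keep the grown buffer size in a separate local (for example `new_size`), apply the upper-bound check to that local, and pass it to `realloc`, leaving `size` untouched.
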
Thank you for reviewing this. I just realized that I sent v5 without properly addressing this issue. In v4 I tried to add a quick check without properly understanding the issue.

Why is 0xffff the maximum size for an event? Where is this constraint coming from?

Thanks,
David

