Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

perf hists browser: Fix potential NULL pointer dereference found by the smatch tool

Based on the following report from Smatch, fix the potential
NULL pointer dereference check.

tools/perf/ui/browsers/hists.c:641
hist_browser__run() error: we previously assumed 'hbt' could be
null (see line 625)

tools/perf/ui/browsers/hists.c:3088
perf_evsel__hists_browse() error: we previously assumed
'browser->he_selection' could be null (see line 2902)

tools/perf/ui/browsers/hists.c:3272
perf_evsel_menu__run() error: we previously assumed 'hbt' could be
null (see line 3260)

This patch first validates the pointers before accessing them, so it can
fix the potential NULL pointer dereference.

Signed-off-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Suzuki Poulouse <suzuki.poulose@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Link: http://lkml.kernel.org/r/20190708143937.7722-2-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

Authored by Leo Yan and committed by Arnaldo Carvalho de Melo
ceb75476 0702f23c

+11 -4
tools/perf/ui/browsers/hists.c
··· 639 639 switch (key) { 640 640 case K_TIMER: { 641 641 u64 nr_entries; 642 - hbt->timer(hbt->arg); 642 + 643 + WARN_ON_ONCE(!hbt); 644 + 645 + if (hbt) 646 + hbt->timer(hbt->arg); 643 647 644 648 if (hist_browser__has_filter(browser) || 645 649 symbol_conf.report_hierarchy) ··· 2825 2821 { 2826 2822 struct hists *hists = evsel__hists(evsel); 2827 2823 struct hist_browser *browser = perf_evsel_browser__new(evsel, hbt, env, annotation_opts); 2828 - struct branch_info *bi; 2824 + struct branch_info *bi = NULL; 2829 2825 #define MAX_OPTIONS 16 2830 2826 char *options[MAX_OPTIONS]; 2831 2827 struct popup_action actions[MAX_OPTIONS]; ··· 3091 3087 goto skip_annotation; 3092 3088 3093 3089 if (sort__mode == SORT_MODE__BRANCH) { 3094 - bi = browser->he_selection->branch_info; 3090 + 3091 + if (browser->he_selection) 3092 + bi = browser->he_selection->branch_info; 3095 3093 3096 3094 if (bi == NULL) 3097 3095 goto skip_annotation; ··· 3277 3271 3278 3272 switch (key) { 3279 3273 case K_TIMER: 3280 - hbt->timer(hbt->arg); 3274 + if (hbt) 3275 + hbt->timer(hbt->arg); 3281 3276 3282 3277 if (!menu->lost_events_warned && 3283 3278 menu->lost_events &&
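Review bot: In the K_TIMER case of hist_browser__run(), WARN_ON_ONCE(!hbt) and the following `if (hbt)` test the same pointer twice. WARN_ON_ONCE() evaluates to its condition, so the two can be folded into `if (!WARN_ON_ONCE(!hbt)) hbt->timer(hbt->arg);`, which keeps the one-time warning and drops the extra branch and blank lines.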
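Review bot: In the SORT_MODE__BRANCH block of perf_evsel__hists_browse(), the new `if (browser->he_selection)` guard is only safe because bi is now initialised to NULL at its declaration in the earlier hunk, a long way from this use. If bi is assigned anywhere in between, the `bi == NULL` check would see a stale value when he_selection is NULL. Assigning unconditionally at this point, for example `bi = browser->he_selection ? browser->he_selection->branch_info : NULL;`, makes the check self-contained. The blank line added directly after the opening brace is also unnecessary.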
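Review bot: The K_TIMER case in perf_evsel_menu__run() skips the callback silently when hbt is NULL, while the same case in hist_browser__run() in this patch also emits WARN_ON_ONCE(!hbt). The commit message does not explain why the two sites differ; either warn here as well or state in the message that a NULL hbt is an expected state on the menu path.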