perf tools: Check we are able to read the event size on mmap

Check we have enough mmaped space to read the current event
size from its headers, otherwise we may dereference some
hell there.

Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Stephane Eranian <eranian@google.com>

diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c
index fff66741f18d5db2ef85579eef21a5f3ff9ec46b..61746b5866d81d6b494be4dbca2916af1fc38b31 100644 (file)
--- a/tools/perf/util/session.c
+++ b/tools/perf/util/session.c
@@ -1007,6 +1007,13 @@ remap:
        file_pos = file_offset + head;
 
 more:
+       /*
+        * Ensure we have enough space remaining to read
+        * the size of the event in the headers.
+        */
+       if (head + sizeof(event->header) > mmap_size)
+               goto remap;
+
        event = (union perf_event *)(buf + head);
 
        if (session->header.needs_swap)