summaryrefslogtreecommitdiffstats
path: root/tools/perf/ui/browser.c
diff options
context:
space:
mode:
authorArnaldo Carvalho de Melo <acme@redhat.com>2013-11-14 19:30:41 +0100
committerArnaldo Carvalho de Melo <acme@redhat.com>2013-11-14 20:00:31 +0100
commit48d038fcd09fa231e254965c3b69f8f640c9e62d (patch)
tree89341f480fa3e1e86fda5281b8bd18cab7590d3f /tools/perf/ui/browser.c
parentperf symbols: Limit max callchain using max_stack on DWARF unwinding too (diff)
downloadlinux-48d038fcd09fa231e254965c3b69f8f640c9e62d.tar.xz
linux-48d038fcd09fa231e254965c3b69f8f640c9e62d.zip
perf ui browser: Fix segfault caused by off by one handling END key
$ perf record ls $ perf report Press 'down enter end' Result: Program received signal SIGSEGV, Segmentation fault. The UI browser, used on a argv array would access past the end of the array on SEEK_END because it wasn't using 'nr_entries - 1', fix it. Reported-by: v.karpov@samsung.com Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: David Ahern <dsahern@gmail.com> Cc: Frederic Weisbecker <fweisbec@gmail.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: Mike Galbraith <efault@gmx.de> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Stephane Eranian <eranian@google.com> BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=59291 Link: http://lkml.kernel.org/n/tip-3g83ipasqi219ktv764xzzjs@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Diffstat (limited to 'tools/perf/ui/browser.c')
-rw-r--r--tools/perf/ui/browser.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/perf/ui/browser.c b/tools/perf/ui/browser.c
index 3648d4ec041f..cbaa7af45513 100644
--- a/tools/perf/ui/browser.c
+++ b/tools/perf/ui/browser.c
@@ -569,7 +569,7 @@ void ui_browser__argv_seek(struct ui_browser *browser, off_t offset, int whence)
browser->top = browser->top + browser->top_idx + offset;
break;
case SEEK_END:
- browser->top = browser->top + browser->nr_entries + offset;
+ browser->top = browser->top + browser->nr_entries - 1 + offset;
break;
default:
return;