diff options
author | Arnaldo Carvalho de Melo <acme@redhat.com> | 2013-11-14 19:30:41 +0100 |
---|---|---|
committer | Arnaldo Carvalho de Melo <acme@redhat.com> | 2013-11-14 20:00:31 +0100 |
commit | 48d038fcd09fa231e254965c3b69f8f640c9e62d (patch) | |
tree | 89341f480fa3e1e86fda5281b8bd18cab7590d3f /tools/perf/ui/browser.c | |
parent | perf symbols: Limit max callchain using max_stack on DWARF unwinding too (diff) | |
download | linux-48d038fcd09fa231e254965c3b69f8f640c9e62d.tar.xz linux-48d038fcd09fa231e254965c3b69f8f640c9e62d.zip |
perf ui browser: Fix segfault caused by off by one handling END key
$ perf record ls
$ perf report
Press 'down enter end'
Result:
Program received signal SIGSEGV, Segmentation fault.
The UI browser, used on a argv array would access past the end of the
array on SEEK_END because it wasn't using 'nr_entries - 1', fix it.
Reported-by: v.karpov@samsung.com
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=59291
Link: http://lkml.kernel.org/n/tip-3g83ipasqi219ktv764xzzjs@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Diffstat (limited to 'tools/perf/ui/browser.c')
-rw-r--r-- | tools/perf/ui/browser.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/perf/ui/browser.c b/tools/perf/ui/browser.c index 3648d4ec041f..cbaa7af45513 100644 --- a/tools/perf/ui/browser.c +++ b/tools/perf/ui/browser.c @@ -569,7 +569,7 @@ void ui_browser__argv_seek(struct ui_browser *browser, off_t offset, int whence) browser->top = browser->top + browser->top_idx + offset; break; case SEEK_END: - browser->top = browser->top + browser->nr_entries + offset; + browser->top = browser->top + browser->nr_entries - 1 + offset; break; default: return; |