perf: Fix read buffer overflow

Check whether index is within bounds before testing the element.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Cc: a.p.zijlstra@chello.nl
Cc: Andrew Morton <akpm@linux-foundation.org>
LKML-Reference: <4A757BCF.40101@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>

diff --git a/tools/perf/builtin-report.c b/tools/perf/builtin-report.c
index 95fd06cdaa99260bebaac42b98374bee1f5bc9ed..ce4f28645e6438069c1b20a33c2a13f9cb18d7ce 100644 (file)
--- a/tools/perf/builtin-report.c
+++ b/tools/perf/builtin-report.c
@@ -253,7 +253,7 @@ static int strcommon(const char *pathname)
 {
        int n = 0;
 
-       while (pathname[n] == cwd[n] && n < cwdlen)
+       while (n < cwdlen && pathname[n] == cwd[n])
                ++n;
 
        return n;

diff --git a/tools/perf/util/quote.c b/tools/perf/util/quote.c
index c6e5dc0dc82f632dc2b1ae44b5f8e51f707b1755..2726fe40eb5dd2483d16ab3064caa91eea92c62e 100644 (file)
--- a/tools/perf/util/quote.c
+++ b/tools/perf/util/quote.c
@@ -318,7 +318,7 @@ char *quote_path_relative(const char *in, int len,
                strbuf_addch(out, '"');
        if (prefix) {
                int off = 0;
-               while (prefix[off] && off < len && prefix[off] == in[off])
+               while (off < len && prefix[off] && prefix[off] == in[off])
                        if (prefix[off] == '/') {
                                prefix += off + 1;
                                in += off + 1;