perf header: Fail read if header sections overlap

Buggy perf.data files can have the attributes and data
overlapping.

For example, when processing pipe data the attributes aren't known and
so file offset header calculations can consider them not present.

Later this can cause the attributes to overwrite the data. This can be
seen in:

  $ perf record -o - true > a.data
  [ perf record: Woken up 1 times to write data ]
  [ perf record: Captured and wrote 0.059 MB - ]
  $ perf inject -i a.data -o b.data
  $ perf report --stats -i b.data
  0x68 [0]: failed to process type: 510379 [Invalid argument]
  Error:
  failed to process sample
  $

This change makes reading the corrupt file fail:

  $ perf report --stats -i b.data
  Perf file header corrupt: Attributes and data overlap
  incompatible file format (rerun with -v to learn more)
  $

Which is more informative.

Signed-off-by: Ian Rogers <irogers@google.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Clark <james.clark@linaro.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Nick Terrell <terrelln@fb.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Yanteng Si <siyanteng@loongson.cn>
Cc: Yicong Yang <yangyicong@hisilicon.com>
Link: https://lore.kernel.org/r/20240829150154.37929-5-irogers@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
index 3309fe7f1d12632c4e189c585dad9bfa9bc6e2c1..65c9086610cbb69e3dae153e50b1e5f996761263 100644 (file)
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -3986,6 +3986,24 @@ int perf_file_header__read(struct perf_file_header *header,
                             adds_features));
        }
 
+       if (header->size > header->attrs.offset) {
+               pr_err("Perf file header corrupt: header overlaps attrs\n");
+               return -1;
+       }
+
+       if (header->size > header->data.offset) {
+               pr_err("Perf file header corrupt: header overlaps data\n");
+               return -1;
+       }
+
+       if ((header->attrs.offset <= header->data.offset &&
+            header->attrs.offset + header->attrs.size > header->data.offset) ||
+           (header->attrs.offset > header->data.offset &&
+            header->data.offset + header->data.size > header->attrs.offset)) {
+               pr_err("Perf file header corrupt: Attributes and data overlap\n");
+               return -1;
+       }
+
        if (header->size != sizeof(*header)) {
                /* Support the previous format */
                if (header->size == offsetof(typeof(*header), adds_features))