Bug#883115: perf: annotate doesn't work when symfs_filename contains shell-special characters

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#883115: perf: annotate doesn't work when symfs_filename contains shell-special characters
From: Ivan Krylov <krylov.r00t@gmail.com>
Date: Wed, 29 Nov 2017 23:47:18 +0300
Message-id: <[🔎] 151198843870.23884.420495773755942260.reportbug@Tarkus>
Reply-to: Ivan Krylov <krylov.r00t@gmail.com>, 883115@bugs.debian.org

Package: linux-perf-4.9
Version: 4.9.51-1
Severity: normal

Dear Maintainer,

I was trying to profile a binary linked to a non-system numeric calculation
library. The library in question is in its rpath which contains spaces.

When I chose "annotate this function" in `perf report` UI, I got "rep: <part
of the path to the library>: no such file or directory".

The bug seems to be around line 1349 of tools/perf/util/annotate.c:
https://sources.debian.net/src/linux/4.9.30-2%2Bdeb9u2/tools/perf/util/annotate.c/#L1349
- a command line is being built there with no regard to possible shell-special characters
in the variables.

A proper way to pass arbitrary strings to child process could be to pass them in separate
arguments using execl(...) and refer to them inside the command line only as "$1", "$2"
and so on - with proper quoting. Example:

	snprintf(command, sizeof(command),
		 "\"$1\" %s%s --start-address=0x%016" PRIx64
		 " --stop-address=0x%016" PRIx64
		 " -l -d %s %s -C \"$2\" 2>/dev/null|grep -v \"$2\"|expand",		 
		 disassembler_style ? "-M " : "",
		 disassembler_style ? disassembler_style : "",
		 map__rip_2objdump(map, sym->start),
		 map__rip_2objdump(map, sym->end),
		 symbol_conf.annotate_asm_raw ? "" : "--no-show-raw",
		 symbol_conf.annotate_src ? "-S" : "");

// and later

		execl("/bin/sh", "sh", "-c", command, "--", objdump_path ? objdump_path : "objdump", symfs_filename, NULL);

Whatever special symbols are there in objdump_path or symfs_filename, they won't escape from
the command line parameters because they are properly quoted in the command line.

-- System Information:
Debian Release: 9.1
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-3-amd64 (SMP w/6 CPU cores)
Locale: LANG=ru_RU.utf8, LC_CTYPE=ru_RU.utf8 (charmap=UTF-8), LANGUAGE=ru_RU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages linux-perf-4.9 depends on:
ii  libaudit1           1:2.6.7-2
ii  libbabeltrace-ctf1  1.5.1-1
ii  libc6               2.24-11+deb9u1
ii  libdw1              0.168-1
ii  libelf1             0.168-1
ii  libnuma1            2.0.11-2.1
ii  libperl5.24         5.24.1-3+deb9u2
ii  libpython2.7        2.7.13-2
ii  libslang2           2.3.1-5
ii  libunwind8          1.1-4.1
ii  zlib1g              1:1.2.8.dfsg-5

Versions of packages linux-perf-4.9 recommends:
ii  linux-base  4.5

Versions of packages linux-perf-4.9 suggests:
pn  linux-doc-4.9  <none>

-- no debconf information

Reply to:

Prev by Date: Re: Processed: Re: Bug#420167: linux-image-2.6.20-1-686: vmplayer vmmon module fails to load because of paravirtualization
Next by Date: Bug#883181: linux-image-4.9.0-4-amd64: Default stretch kernel raises cgroup strack traces under high load
Previous by thread: Re: Processed: Re: Bug#420167: linux-image-2.6.20-1-686: vmplayer vmmon module fails to load because of paravirtualization
Next by thread: Bug#883181: linux-image-4.9.0-4-amd64: Default stretch kernel raises cgroup strack traces under high load
Index(es):
- Date
- Thread