reject negative cost and call counts in callgrind parser #112
Open
nvxbug wants to merge 1 commit into
CallgrindParser.parse_cost_line reuses the subposition pattern for the cost columns, so a cost written as a relative or signed token slips through even though callgrind costs are non-negative integer event counts. A file with a line like

0 -90

feeds that negative value straight into the per-function and global SAMPLES totals, which deflates the denominator and pushes the other functions well past their real share of time (and silently drops the tampered function). parse_association_spec has the same gap, taking the calls= count through a bare int(), so calls=-5 lands as a negative call tally on the node and edge.

Validate that the cost columns and the call count are non-negative integers and treat a line that violates that as unrecognized, the same way the parser already handles any other malformed line. Keeping the check inside the parser means a crafted profile cannot skew the totals before the rest of the pipeline sees them, and it matches the non-negative form the cost regex and the existing _call_re already describe.
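
The check described above, as an added stand-alone sketch that is not the project's code or this PR's diff: cost columns and the `calls=` count must be plain non-negative integers, and a line that fails is treated as unrecognized. The patterns, the function bodies, the `strict` switch and the sample profile are assumptions constructed for illustration.

```python
import re

# Assumed grammar for this sketch: a subposition may be absolute, relative
# (+N / -N) or '*'; a cost or call count must be a plain non-negative integer.
SUBPOS = re.compile(r'0x[0-9a-fA-F]+|[0-9]+|[+-][0-9]+|\*')
COUNT = re.compile(r'[0-9]+')
SIGNED = re.compile(r'[+-]?[0-9]+')  # models the gap: signed cost tokens accepted

def parse_cost_line(line, num_positions=1, strict=True):
    """Return the list of costs, or None when the line is not a valid cost line."""
    fields = line.split()
    subpos, costs = fields[:num_positions], fields[num_positions:]
    if not costs or not all(SUBPOS.fullmatch(s) for s in subpos):
        return None
    pattern = COUNT if strict else SIGNED
    if not all(pattern.fullmatch(c) for c in costs):
        return None  # in strict mode this rejects "-90" and "+90"
    return [int(c) for c in costs]

def parse_calls(line):
    """Return the count from 'calls=<count> <target position>', or None."""
    key, _, rest = line.partition('=')
    fields = rest.split()
    if key != 'calls' or not fields or not COUNT.fullmatch(fields[0]):
        return None
    return int(fields[0])

def self_costs(lines, strict=True):
    """Sum the first event column per function; unrecognized lines are skipped."""
    per_fn, current = {}, None
    for line in lines:
        if line.startswith('fn='):
            current = line[3:].strip()
            continue
        costs = parse_cost_line(line, strict=strict)
        if costs is not None and current is not None:
            per_fn[current] = per_fn.get(current, 0) + costs[0]
    return per_fn

def share(per_fn, name):
    """Fraction of the global total attributed to one function."""
    return per_fn.get(name, 0) / sum(per_fn.values())

# Constructed sample: 'victim' carries the negative cost line from the description.
SAMPLE = ['fn=main', '0 100', 'fn=helper', '0 100', 'fn=victim', '0 -90']
```

With `strict=False` the sample's total drops to 110 and `main` is reported at roughly 91% instead of 50%; with the strict check the tampered line is skipped before it reaches any total.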