From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 3 Jul 2019 15:43:46 -0300
From: Arnaldo Carvalho de Melo
To: Leo Yan
Cc: Song Liu, Peter Zijlstra, Rasmus Villemoes, linux-kernel@vger.kernel.org,
 Jin Yao, Jiri Olsa, Andi Kleen, Eric Saint-Etienne, Konstantin Khlebnikov,
 Ingo Molnar, Suzuki K Poulose, Alexios Zavras, Davidlohr Bueso, Namhyung Kim,
 Thomas Gleixner, linux-arm-kernel@lists.infradead.org, Mathieu Poirier,
 Thomas Richter, Adrian Hunter, Alexander Shishkin, "David S. Miller",
 Changbin Du, Alexey Budankov
Subject: Re: [PATCH v1 04/11] perf annotate: Smatch: Fix dereferencing freed memory
Message-ID: <20190703184346.GE10740@kernel.org>
References: <20190702103420.27540-1-leo.yan@linaro.org> <20190702103420.27540-5-leo.yan@linaro.org>
In-Reply-To: <20190702103420.27540-5-leo.yan@linaro.org>

On Tue, Jul 02, 2019 at 06:34:13PM +0800, Leo Yan wrote:
> Based on the following report from Smatch, fix the potential
> dereferencing freed memory check.
>
> tools/perf/util/annotate.c:1125
> disasm_line__parse() error: dereferencing freed memory 'namep'
>
> tools/perf/util/annotate.c
> 1100 static int disasm_line__parse(char *line, const char **namep, char **rawp)
> 1101 {
> 1102         char tmp, *name = ltrim(line);
>
> [...]
>
> 1114         *namep = strdup(name);
> 1115
> 1116         if (*namep == NULL)
> 1117                 goto out_free_name;
>
> [...]
>
> 1124 out_free_name:
> 1125         free((void *)namep);
>                           ^^^^^
> 1126         *namep = NULL;
>              ^^^^^^
> 1127         return -1;
> 1128 }
>
> If strdup() fails to allocate memory space for *namep, we don't need to
> free memory with pointer 'namep', which is resident in data structure
> disasm_line::ins::name; and *namep is NULL pointer for this failure, so
> it's pointless to assign NULL to *namep again.

Applied, with this extra comment:

Committer note:

Freeing namep, which is the address of the first entry of the 'struct
ins' that is the first member of struct disasm_line would in fact free
that disasm_line instance, if it was allocated via malloc/calloc, which,
later, would cause a dereference of freed memory.
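The aliasing that the committer note describes, as an added example that is not code from perf or from this thread: it shows that the `namep` argument has the same address as the enclosing line object, and an error path that leaves that object for its owner to free. The two structs are simplified stand-ins, and `parse_name`, `failing_dup`, `namep_aliases_line` and `line_survives_failed_parse` are hypothetical names.

```c
#include <stdlib.h>

/* Simplified stand-ins for perf's structures (assumed layout: 'name' is the
 * first field of struct ins, and struct ins is the first member of
 * struct disasm_line, as the committer note describes). */
struct ins { const char *name; };
struct disasm_line { struct ins ins; int other_state; };

typedef char *(*dup_fn)(const char *);	/* same shape as strdup() */

/* Hypothetical allocator that always fails, to exercise the error path. */
static char *failing_dup(const char *s) { (void)s; return NULL; }

/* True when the pointer passed as 'namep' is the address of the line itself. */
static int namep_aliases_line(struct disasm_line *dl)
{
	const char **namep = &dl->ins.name;
	return (void *)namep == (void *)dl;
}

/* Error path as the thread describes it: on allocation failure *namep is
 * already NULL and 'namep' itself is not ours to free, so only report it. */
static int parse_name(const char *line, const char **namep, dup_fn dup)
{
	*namep = dup(line);
	if (*namep == NULL)
		return -1;	/* the reported code did free((void *)namep) here */
	return 0;
}

/* Returns 1 if the heap-allocated line is still intact after a failed parse. */
static int line_survives_failed_parse(void)
{
	struct disasm_line *dl = calloc(1, sizeof(*dl));
	int ok;
	if (dl == NULL)
		return 0;
	dl->other_state = 42;
	ok = parse_name("mov %rax,%rbx", &dl->ins.name, failing_dup) == -1 &&
	     dl->ins.name == NULL && dl->other_state == 42;
	free(dl);	/* the single, legitimate free, done by the owner */
	return ok;
}

int main(void)
{
	struct disasm_line dl = { { NULL }, 0 };
	return (namep_aliases_line(&dl) && line_survives_failed_parse()) ? 0 : 1;
}
```

Building this with `-fsanitize=address` and putting the `free((void *)namep)` call back on the failure path makes the later read of `dl->other_state` show up as a heap-use-after-free report.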