From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Ingo Molnar <mingo@kernel.org>, Thomas Gleixner <tglx@linutronix.de>
Cc: Jiri Olsa <jolsa@kernel.org>, Namhyung Kim <namhyung@kernel.org>,
Clark Williams <williams@redhat.com>,
linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org,
Leo Yan <leo.yan@linaro.org>,
Adrian Hunter <adrian.hunter@intel.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Alexey Budankov <alexey.budankov@linux.intel.com>,
Alexios Zavras <alexios.zavras@intel.com>,
Andi Kleen <ak@linux.intel.com>,
Changbin Du <changbin.du@intel.com>,
"David S . Miller" <davem@davemloft.net>,
Davidlohr Bueso <dave@stgolabs.net>,
Eric Saint-Etienne <eric.saint.etienne@oracle.com>,
Jin Yao <yao.jin@linux.intel.com>,
Konstantin Khlebnikov <khlebnikov@yandex-team.ru>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Peter Zijlstra <peterz@infradead.org>
Subject: [PATCH 04/25] perf annotate: Fix dereferencing freed memory found by the smatch tool
Date: Tue, 9 Jul 2019 15:31:05 -0300
Message-ID: <20190709183126.30257-5-acme@kernel.org>
In-Reply-To: <20190709183126.30257-1-acme@kernel.org>
From: Leo Yan <leo.yan@linaro.org>
Based on the following report from Smatch, fix the potential
dereferencing freed memory check.

  tools/perf/util/annotate.c:1125
  disasm_line__parse() error: dereferencing freed memory 'namep'

  tools/perf/util/annotate.c
  1100 static int disasm_line__parse(char *line, const char **namep, char **rawp)
  1101 {
  1102         char tmp, *name = ltrim(line);

  [...]

  1114         *namep = strdup(name);
  1115
  1116         if (*namep == NULL)
  1117                 goto out_free_name;

  [...]

  1124 out_free_name:
  1125         free((void *)namep);
                            ^^^^^
  1126         *namep = NULL;
               ^^^^^^
  1127         return -1;
  1128 }

If strdup() fails to allocate memory space for *namep, we don't need to
free memory with pointer 'namep', which is resident in data structure
disasm_line::ins::name; and *namep is NULL pointer for this failure, so
it's pointless to assign NULL to *namep again.
Committer note:
Freeing namep, which is the address of the first entry of the 'struct
ins' that is the first member of struct disasm_line would in fact free
that disasm_line instance, if it was allocated via malloc/calloc, which,
later, would cause a dereference of freed memory.
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
Cc: Alexios Zavras <alexios.zavras@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Changbin Du <changbin.du@intel.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Eric Saint-Etienne <eric.saint.etienne@oracle.com>
Cc: Jin Yao <yao.jin@linux.intel.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Song Liu <songliubraving@fb.com>
Cc: Suzuki Poulouse <suzuki.poulose@arm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Thomas Richter <tmricht@linux.ibm.com>
Cc: linux-arm-kernel@lists.infradead.org
Link: http://lkml.kernel.org/r/20190702103420.27540-5-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
---
tools/perf/util/annotate.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c
index ec7aaf31c2b2..944a6507a5e3 100644
--- a/tools/perf/util/annotate.c
+++ b/tools/perf/util/annotate.c
@@ -1119,16 +1119,14 @@ static int disasm_line__parse(char *line, const char **namep, char **rawp)
*namep = strdup(name);
if (*namep == NULL)
- goto out_free_name;
+ goto out;
(*rawp)[0] = tmp;
*rawp = skip_spaces(*rawp);
return 0;
-out_free_name:
- free((void *)namep);
- *namep = NULL;
+out:
return -1;
}
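Review bot: with the free() and the NULL store removed, the out: label at the end of disasm_line__parse() does nothing but return -1, so the goto out after the strdup() check could simply be return -1 and the label dropped, provided nothing outside this hunk jumps to it. On the same failure path, (*rawp)[0] = tmp is only reached when strdup() succeeds, so a failed allocation returns without running it; if any caller reuses line after a -1 return, moving that assignment above the NULL check would cover it.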
--
2.21.0
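
The aliasing described in the committer note, as an added example (not code from perf or from this patch): struct ins and struct disasm_line are reduced stand-ins with an assumed member order, and dup_or_fail() is a hypothetical fault-injecting replacement for strdup(). It shows that namep is also the address of the enclosing object, and that the patched error path leaves the caller's line intact.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reduced stand-ins (assumed layout): 'name' is the first member of
 * struct ins, and 'ins' is the first member of struct disasm_line. */
struct ins { const char *name; void *ops; };
struct disasm_line { struct ins ins; int marker; };

/* Hypothetical fault injection standing in for a failing strdup(). */
static int fail_next_dup;
static char *dup_or_fail(const char *s)
{
	size_t n = strlen(s) + 1;
	char *p = fail_next_dup ? NULL : malloc(n);
	fail_next_dup = 0;
	return p ? memcpy(p, s, n) : NULL;
}

/* 1 when namep is also the address of the enclosing object, which is why
 * free((void *)namep) would have released the whole disasm_line. */
static int namep_aliases_line(const struct disasm_line *dl)
{
	const char *const *namep = &dl->ins.name;
	return (const void *)namep == (const void *)dl;
}

/* Error path as after the fix: nothing was allocated, so nothing is freed. */
static int parse_name(const char *name, const char **namep)
{
	*namep = dup_or_fail(name);
	return *namep ? 0 : -1;
}

/* Drive the failure path, then confirm the caller's object is intact. */
static int line_survives_failed_parse(void)
{
	struct disasm_line *dl = calloc(1, sizeof(*dl));
	int ok;
	if (!dl)
		return 0;
	dl->marker = 0x5a;
	fail_next_dup = 1;
	ok = parse_name("mov", &dl->ins.name) == -1 &&
	     dl->ins.name == NULL && dl->marker == 0x5a;
	free(dl);		/* the owner releases the line, exactly once */
	return ok;
}

int main(void)
{
	struct disasm_line dl = { { NULL, NULL }, 0 };
	printf("aliases=%d survives=%d\n", namep_aliases_line(&dl), line_survives_failed_parse());
	return 0;
}
```

Building this with -fsanitize=address and putting the removed free((void *)namep) back into parse_name() makes the later dl->marker read report a heap-use-after-free.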