From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Namhyung Kim <namhyung@kernel.org>
Cc: Ian Rogers <irogers@google.com>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Chenyuan Mi <cymi20@fudan.edu.cn>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] lib subcmd: Avoid segv/use-after-free when commands aren't excluded
Date: Tue, 11 Jul 2023 16:46:27 -0300 [thread overview]
Message-ID: <ZK2xk2qJE2M+bGCb@kernel.org> (raw)
In-Reply-To: <CAM9d7chqAkLuYYyOSM5n1S-Rzf5ivCCuaqz5Tc1j23a2NsWzFQ@mail.gmail.com>
Em Tue, Jul 11, 2023 at 10:36:59AM -0700, Namhyung Kim escreveu:
> On Fri, Jul 7, 2023 at 4:09 PM Ian Rogers <irogers@google.com> wrote:
> >
> > The array shortening may perform unnecessary array copies. Before
> > commit 657a3efee43a ("lib subcmd: Avoid memory leak in exclude_cmds")
> > this was benign, but afterwards this could lead to a segv.
> >
> > Fixes: 657a3efee43a ("lib subcmd: Avoid memory leak in exclude_cmds")
> > Signed-off-by: Ian Rogers <irogers@google.com>
>
> Acked-by: Namhyung Kim <namhyung@kernel.org>
Thanks, applied to perf-tools.
- Arnaldo
> Thanks,
> Namhyung
>
>
> > ---
> > tools/lib/subcmd/help.c | 18 ++++++++++++------
> > 1 file changed, 12 insertions(+), 6 deletions(-)
> >
> > diff --git a/tools/lib/subcmd/help.c b/tools/lib/subcmd/help.c
> > index 67a8d6b740ea..adfbae27dc36 100644
> > --- a/tools/lib/subcmd/help.c
> > +++ b/tools/lib/subcmd/help.c
> > @@ -68,8 +68,13 @@ void exclude_cmds(struct cmdnames *cmds, struct cmdnames *excludes)
> > while (ci < cmds->cnt && ei < excludes->cnt) {
> > cmp = strcmp(cmds->names[ci]->name, excludes->names[ei]->name);
> > if (cmp < 0) {
> > - zfree(&cmds->names[cj]);
> > - cmds->names[cj++] = cmds->names[ci++];
> > + if (ci == cj) {
> > + ci++;
> > + cj++;
> > + } else {
> > + zfree(&cmds->names[cj]);
> > + cmds->names[cj++] = cmds->names[ci++];
> > + }
> > } else if (cmp == 0) {
> > ci++;
> > ei++;
> > @@ -77,10 +82,11 @@ void exclude_cmds(struct cmdnames *cmds, struct cmdnames *excludes)
> > ei++;
> > }
> > }
> > -
> > - while (ci < cmds->cnt) {
> > - zfree(&cmds->names[cj]);
> > - cmds->names[cj++] = cmds->names[ci++];
> > + if (ci != cj) {
> > + while (ci < cmds->cnt) {
> > + zfree(&cmds->names[cj]);
> > + cmds->names[cj++] = cmds->names[ci++];
> > + }
> > }
> > for (ci = cj; ci < cmds->cnt; ci++)
> > zfree(&cmds->names[ci]);
> > --
> > 2.41.0.390.g38632f3daf-goog
> >
--
- Arnaldo
prev parent reply other threads:[~2023-07-11 19:46 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-07 23:09 [PATCH v2] lib subcmd: Avoid segv/use-after-free when commands aren't excluded Ian Rogers
2023-07-11 17:36 ` Namhyung Kim
2023-07-11 19:46 ` Arnaldo Carvalho de Melo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZK2xk2qJE2M+bGCb@kernel.org \
--to=acme@kernel.org \
--cc=acme@redhat.com \
--cc=cymi20@fudan.edu.cn \
--cc=irogers@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=namhyung@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.