* [PATCH] libtraceevent: Reset field properly in event_read_fields()
From: Namhyung Kim @ 2022-06-07 4:59 UTC
To: linux-trace-devel; +Cc: Ian Rogers
The field pointer is allocated and added to the fields list in a
loop. But it might refer to the previous one if it fails to parse before
allocating a new one.
In that case, it would free the previous field but did not update the
link of the list for the one before it. Moreover, it doesn't need to
free the previous one as it finished ok. Let's reset the field
pointer at the end of each iteration so that it cannot see the
previous one.
This was found by a fuzz test with an event having only one field.
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
---
src/event-parse.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/event-parse.c b/src/event-parse.c
index 8f4fb59..1ba2a78 100644
--- a/src/event-parse.c
+++ b/src/event-parse.c
@@ -1902,6 +1902,7 @@ static int event_read_fields(struct tep_event *event, struct tep_format_field **
*fields = field;
fields = &field->next;
+ field = NULL;
} while (1);
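Review bot: the invariant this one-liner establishes, that a non-NULL `field` at the `fail:` label is always a node not yet linked into `*fields`, is not stated anywhere in the hunk; a short comment on the new line (e.g. `/* now owned by the list; must not be freed on a later failure */`) would keep the next person from "optimising" it away. Also worth noting in the commit message that on the -1 return the fields parsed so far remain linked through the `fields` argument, so their release is the caller's responsibility rather than this loop's.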
--
2.36.1.255.ge46751e96f-goog
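The failure mode the commit message describes, as an added example that is not libtraceevent code: a stripped-down model of the `event_read_fields()` loop in which the keyword check runs before a new node is allocated, so a parse failure on the second line of the format leaves `field` pointing at the first, already linked node. The names `struct field`, `struct event`, `read_fields`, `run_format` and `count_valid`, and the two-line constructed format, are assumptions for this example; `reset_each_iter` switches between the unpatched and the patched loop.

```c
/* Added example, not libtraceevent code. Models the stale-pointer bug in
 * event_read_fields() and the `field = NULL` fix; names are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct field { char *type; char *name; struct field *next; };
struct event { struct field *fields; int nr_fields; };

/* Addresses recorded so the test can tell that the node still linked as the
 * list head was freed, without dereferencing a dangling pointer. */
static uintptr_t first_linked, last_freed;

static void free_field(struct field *f)
{
	last_freed = (uintptr_t)f;
	free(f->type);
	free(f->name);
	free(f);
}

static void free_fields(struct event *ev)
{
	struct field *f = ev->fields;
	while (f) {
		struct field *next = f->next;
		free_field(f);
		f = next;
	}
	ev->fields = NULL;
	ev->nr_fields = 0;
}

static char *dup_range(const char *s, size_t n)
{
	char *p = malloc(n + 1);
	if (!p)
		return NULL;
	memcpy(p, s, n);
	p[n] = '\0';
	return p;
}

/* Split "TYPE NAME;" into f->type / f->name; the last space before ';'
 * separates them. Returns -1 on a malformed declaration. */
static int parse_decl(const char *decl, struct field *f)
{
	const char *semi = strchr(decl, ';');
	const char *sp;

	if (!semi)
		return -1;
	for (sp = semi; sp > decl && *sp != ' '; sp--)
		;
	if (sp == decl || sp + 1 == semi)
		return -1;
	f->type = dup_range(decl, (size_t)(sp - decl));
	f->name = dup_range(sp + 1, (size_t)(semi - sp - 1));
	return (f->type && f->name) ? 0 : -1;
}

/* Parse NULL-terminated `lines` of the form "field:TYPE NAME;" into
 * ev->fields. Returns the field count, or -1 on a parse error. */
static int read_fields(struct event *ev, const char *const *lines,
		       int reset_each_iter)
{
	struct field **fields = &ev->fields;
	struct field *field = NULL;
	int count = 0;

	do {
		const char *line = *lines++;

		if (!line)
			break;
		/* Runs before the allocation below: on failure here, `field`
		 * still holds the previous iteration's node, which is linked. */
		if (strncmp(line, "field:", 6) != 0)
			goto fail;
		field = calloc(1, sizeof(*field));
		if (!field || parse_decl(line + 6, field) < 0)
			goto fail;
		if (count == 0)
			first_linked = (uintptr_t)field;
		*fields = field;
		fields = &field->next;
		count++;
		if (reset_each_iter)
			field = NULL;	/* the fix: the list owns it now */
	} while (1);
	ev->nr_fields = count;
	return count;
fail:
	if (field)
		free_field(field);	/* unpatched: may free a linked node */
	return -1;
}

/* Constructed format whose second line fails the keyword check. Returns 1
 * if the list head was freed on the error path, 0 if it survived. */
int run_format(int reset_each_iter)
{
	static const char *const lines[] = {
		"field:unsigned short common_type;", "not a field line", NULL };
	struct event ev = { NULL, 0 };
	int dangling;

	first_linked = last_freed = 0;
	if (read_fields(&ev, lines, reset_each_iter) != -1)
		return -2;
	dangling = first_linked != 0 && first_linked == last_freed;
	if (!dangling)
		free_fields(&ev);	/* every linked node is still live */
	return dangling;
}

/* Two well-formed lines through the patched loop; returns the count. */
int count_valid(void)
{
	static const char *const lines[] = {
		"field:unsigned short common_type;", "field:int len;", NULL };
	struct event ev = { NULL, 0 };
	int n = read_fields(&ev, lines, 1);
	free_fields(&ev);
	return n;
}

int main(void)
{
	printf("unpatched loop frees linked head: %d\n", run_format(0));
	printf("patched loop frees linked head:   %d\n", run_format(1));
	return 0;
}
```

`run_format(0)` reports the unpatched behaviour: the error path frees the node that is still the head of `ev.fields`, so any later walk of the event's field list (including freeing the event) is a use-after-free. With the reset, the same input leaves the first field intact and the caller frees the partial list normally.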
* Re: [PATCH] libtraceevent: Reset field properly in event_read_fields()
From: Steven Rostedt @ 2022-06-08 15:17 UTC
To: Namhyung Kim; +Cc: linux-trace-devel, Ian Rogers
On Mon, 6 Jun 2022 21:59:25 -0700
Namhyung Kim <namhyung@kernel.org> wrote:
> The field pointer is allocated and added to the fields list in a
> loop. But it might refer to the previous one if it fails to parse before
> allocating a new one.
>
> In that case, it would free the previous field but did not update the
> link of the list for the one before it. Moreover, it doesn't need to
> free the previous one as it finished ok. Let's reset the field
> pointer at the end of each iteration so that it cannot see the
> previous one.
>
> This was found by a fuzz test with an event having only one field.
>
> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Applied. Thanks Namhyung!
-- Steve
> ---
> src/event-parse.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/src/event-parse.c b/src/event-parse.c
> index 8f4fb59..1ba2a78 100644
> --- a/src/event-parse.c
> +++ b/src/event-parse.c
> @@ -1902,6 +1902,7 @@ static int event_read_fields(struct tep_event *event, struct tep_format_field **
>
> *fields = field;
> fields = &field->next;
> + field = NULL;
>
> } while (1);
>