From: Steven Rostedt <rostedt@goodmis.org>
To: Totoro W <tw19881113@gmail.com>
Cc: linux-trace-devel@vger.kernel.org
Subject: Re: [PATCH] fix double free issue in event_read_print_args
Date: Fri, 28 Jun 2024 11:35:36 -0400
Message-ID: <20240628113536.0643fcc7@rorschach.local.home>
In-Reply-To: <CAFrM9ztDcGK4aP51uJEsQStyyf1tXebOKXiT-Ota2-gT3wVLyA@mail.gmail.com>
On Thu, 27 Jun 2024 14:51:42 +0800
Totoro W <tw19881113@gmail.com> wrote:
> commit cb227dfc63346a23fd019f2146b4f9f4f5a58b6a (HEAD -> fix_double_free)
> Author: Tw <tw19881113@gmail.com>
> Date: Thu Jun 27 14:40:09 2024 +0800
>
> Fix double free issue in event_read_print_args
>
> The corner case is when we encounter an invalid right argument
> of a condition operation.
> Currently, we free token immediately, but it will also be freed
> when freeing `arg->op.op`.
>
> BTW, the crash calltrace is as follows:
>
> Program received signal SIGSEGV, Segmentation fault.
> get_meta (p=<optimized out>) at
> /home/tw/code/zig/build/stage3/lib/zig/libc/musl/src/malloc/mallocng/meta.h:141
> 141 /home/tw/code/zig/build/stage3/lib/zig/libc/musl/src/malloc/mallocng/meta.h:
> No such file or directory.
> (gdb) bt
> at /home/tw/code/zig/build/stage3/lib/zig/libc/musl/src/malloc/mallocng/meta.h:141
> at /home/tw/code/zig/build/stage3/lib/zig/libc/musl/src/malloc/mallocng/free.c:105
> at /tmp/.cache/zig/p/12207a2e4477bf4414e7df3eb2172c698ab916695a0d3eefbf16f65b0c969dd81184/src/event-parse.c:1128
> list@entry=0x7ff7b18768)
> at /tmp/.cache/zig/p/12207a2e4477bf4414e7df3eb2172c698ab916695a0d3eefbf16f65b0c969dd81184/src/event-parse.c:1417
> at /tmp/.cache/zig/p/12207a2e4477bf4414e7df3eb2172c698ab916695a0d3eefbf16f65b0c969dd81184/src/event-parse.c:3895
> sys=<optimized out>)
> at /tmp/.cache/zig/p/12207a2e4477bf4414e7df3eb2172c698ab916695a0d3eefbf16f65b0c969dd81184/src/event-parse.c:7824
> size=<optimized out>, sys=sys@entry=0x7ff7ff51c0 "kvm")
> at /tmp/.cache/zig/p/12207a2e4477bf4414e7df3eb2172c698ab916695a0d3eefbf16f65b0c969dd81184/src/event-parse.c:7882
> buf=0x7ff7b0c610 "kvm_sys_access", size=549616874800,
> sys=0x7fffffe0b2 "me", sys@entry=0x7ff7ff51c0 "kvm")
> at /tmp/.cache/zig/p/12207a2e4477bf4414e7df3eb2172c698ab916695a0d3eefbf16f65b0c969dd81184/src/event-parse.c:7945
> tracing_dir=tracing_dir@entry=0x7ff7ffc660
> "/sys/kernel/tracing", system=system@entry=0x7ff7ff51c0 "kvm",
> check=false)
> at /tmp/.cache/zig/p/1220c1c006cbf05434d240b65f343c84f3d7f837fbef31f2cade733ec911cc3ed76b/src/tracefs-events.c:1062
> system=0x7ff7ff51c0 "kvm")
> at /tmp/.cache/zig/p/1220c1c006cbf05434d240b65f343c84f3d7f837fbef31f2cade733ec911cc3ed76b/src/tracefs-events.c:1084
> tep=tep@entry=0x7ff7ffc830, sys_names=sys_names@entry=0x0,
> parsing_failures=0x0,
> parsing_failures@entry=0x7fffffe7b0)
> at /tmp/.cache/zig/p/1220c1c006cbf05434d240b65f343c84f3d7f837fbef31f2cade733ec911cc3ed76b/src/tracefs-events.c:1284
> sys_names@entry=0x7ffffff880)
> at /tmp/.cache/zig/p/1220c1c006cbf05434d240b65f343c84f3d7f837fbef31f2cade733ec911cc3ed76b/src/tracefs-events.c:1355
> tracing_dir=0x6500006c6f6f62 <error: Cannot access memory at
> address 0x6500006c6f6f62>)
> at /tmp/.cache/zig/p/1220c1c006cbf05434d240b65f343c84f3d7f837fbef31f2cade733ec911cc3ed76b/src/tracefs-events.c:1377
>
> Signed-off-by: Tw <tw19881113@gmail.com>
It's best to use git sendmail, for sending patches, as it will send them properly.
-- Steve
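
The ownership problem described in the quoted commit message, reduced to a small model. This is an added example, not code from the patch or from libtraceevent: `struct op_arg`, `tracked_free` and `parse_op_error_path` are hypothetical names, and clearing the local pointer after the hand-off is only one way to resolve it.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model; every name here is hypothetical, not libtraceevent's. */
struct op_arg { char *op; };

static uintptr_t released[8];   /* addresses already handed to free() */
static int n_released, double_frees;

/* free() wrapper: counts a second release of the same address instead of
 * performing it, so the buggy path can run without corrupting the heap. */
static void tracked_free(void *p)
{
    if (!p)
        return;
    for (int i = 0; i < n_released; i++)
        if (released[i] == (uintptr_t)p) { double_frees++; return; }
    released[n_released++] = (uintptr_t)p;
    free(p);
}

static void free_arg(struct op_arg *arg)
{
    tracked_free(arg->op);      /* the arg owns its op string */
    free(arg);
}

/* Error path taken when the right operand is invalid.
 * fixed == 0 reproduces the double release; returns how many were detected. */
static int parse_op_error_path(int fixed)
{
    struct op_arg *arg = calloc(1, sizeof(*arg));
    char *token = malloc(2);

    n_released = double_frees = 0;
    if (!arg || !token) { free(arg); free(token); return -1; }
    strcpy(token, "?");
    arg->op = token;            /* ownership of token moves to arg here */
    if (fixed)
        token = NULL;           /* the local pointer no longer owns it */
    tracked_free(token);        /* bug: also released by free_arg() below */
    free_arg(arg);
    return double_frees;
}
```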