| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Nov 2015 03:12:37 +0000
From: 平松雅巳 / HIRAMATU,MASAMI
<masami.hiramatsu.pt@...achi.com>
To: "'Namhyung Kim'" <namhyung@...il.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>
CC: Peter Zijlstra <a.p.zijlstra@...llo.nl>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Adrian Hunter <adrian.hunter@...el.com>,
"Ingo Molnar" <mingo@...hat.com>,
Namhyung Kim <namhyung@...nel.org>,
Jiri Olsa <jolsa@...hat.com>
Subject: RE: [PATCH perf/core 01/13] perf probe: Fix to free temporal
Dwarf_Frame
From: Namhyung Kim [mailto:namhyung@...il.com]
>On November 19, 2015 7:36:39 AM GMT+09:00, Arnaldo Carvalho de Melo <acme@...nel.org> wrote:
>>Em Wed, Nov 18, 2015 at 03:40:12PM +0900, Masami Hiramatsu escreveu:
>>> Since dwarf_cfi_addrframe returns malloc'd Dwarf_Frame
>>> object, it has to be freed after used.
>>
>>Applied to perf/urgent
>>
>>> Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>
>>> ---
>>> tools/perf/util/probe-finder.c | 9 ++++++---
>>> 1 file changed, 6 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/tools/perf/util/probe-finder.c
>>b/tools/perf/util/probe-finder.c
>>> index 63993d7..4d7d4f4 100644
>>> --- a/tools/perf/util/probe-finder.c
>>> +++ b/tools/perf/util/probe-finder.c
>>> @@ -683,21 +683,24 @@ static int call_probe_finder(Dwarf_Die *sc_die,
>>struct probe_finder *pf)
>>> ret = dwarf_getlocation_addr(&fb_attr, pf->addr, &pf->fb_ops,
>>&nops, 1);
>>> if (ret <= 0 || nops == 0) {
>>> pf->fb_ops = NULL;
>>> + ret = 0;
>>> #if _ELFUTILS_PREREQ(0, 142)
>>> } else if (nops == 1 && pf->fb_ops[0].atom == DW_OP_call_frame_cfa
>>&&
>>> pf->cfi != NULL) {
>>> - Dwarf_Frame *frame;
>>> + Dwarf_Frame *frame = NULL;
>>> if (dwarf_cfi_addrframe(pf->cfi, pf->addr, &frame) != 0 ||
>>> dwarf_frame_cfa(frame, &pf->fb_ops, &nops) != 0) {
>
>What if dwarf_cfi_addrframe() succeeded but
>dwarf_frame_cfa() failed? It seems that the frame
>still can be leaked..
No, it is also caught by free(). Please see below,
>
>>> pr_warning("Failed to get call frame on 0x%jx\n",
>>> (uintmax_t)pf->addr);
>>> - return -ENOENT;
>>> + ret = -ENOENT;
I've replaced "return -ENOENT" with "ret = -ENOENT", so this fall down
>>> }
>>> + free(frame);
and free the frame :) (and if frame == NULL, it is just ignored)
Thank you!
>>> #endif
>>> }
>>>
>>> /* Call finder's callback handler */
>>> - ret = pf->callback(sc_die, pf);
>>> + if (ret >= 0)
>>> + ret = pf->callback(sc_die, pf);
>>>
>>> /* *pf->fb_ops will be cached in libdw. Don't free it. */
>>> pf->fb_ops = NULL;
>
>Hi Arnaldo and Masami,
>--
>Sent from my Android device with K-9 Mail. Please excuse my brevity.
Powered by blists - more mailing lists