Date:   Thu, 17 Aug 2017 13:25:39 -0300
From:   Arnaldo Carvalho de Melo <acme@...nel.org>
To:     Andi Kleen <andi@...stfloor.org>
Cc:     jolsa@...nel.org, linux-kernel@...r.kernel.org,
        Andi Kleen <ak@...ux.intel.com>
Subject: Re: [PATCH 2/2] perf, tools: Avoid segfault on alias parse error

On Thu, Aug 17, 2017 at 08:34:22AM -0700, Andi Kleen wrote:
> > Humm, but don't we have that checked?
> 
> At least not in the case of the segfault below.

Again:

tools/perf/util/parse-events.c

2523 void parse_events_evlist_error(struct parse_events_evlist *data,
2524                                int idx, const char *str)
2525 {
2526         struct parse_events_error *err = data->error;
2527 
2528         if (!err)
2529                 return;
2530         err->idx = idx;
2531         err->str = strdup(str);
2532         WARN_ONCE(!err->str, "WARNING: failed to allocate error string");
2533 }

data->error _is_ being checked for NULL, and the hunk you added would
just change data->error from NULL (some other member is being assigned,
so all the others left unassigned will be set to zero) to something that
will then be set to something to then get ignored.

Looking at the intervening functions in the .y files...

- Arnaldo
 
> > > Segfault:
> > > 
> > >     #'0  0x00000000004d66d2 in parse_events_evlist_error (data=0x7fffffffce20, idx=6, str=0x76cda8 "parser error") at util/parse-events.c:2530
> > >     #'1  0x0000000000516d0a in parse_events_error (loc=0x7fffffffb210, data=0x7fffffffce20, scanner=0x245b400, msg=0x76cb13 "syntax error") at util/parse-events.y:692
> > >     #'2  0x000000000051675b in parse_events_parse (_data=0x7fffffffce20, scanner=0x245b400) at /home/ak/hle/obj-perf/util/parse-events-bison.c:2213
> > >     #'3  0x00000000004d3fd6 in parse_events__scanner (str=0x725cff "event=0,", data=0x7fffffffce20, start_token=259) at util/parse-events.c:1646
> > >     #'4  0x00000000004d4063 in parse_events_terms (terms=0x245b398, str=0x725cff "event=0,") at util/parse-events.c:1664
> > >     #'5  0x00000000005179f1 in __perf_pmu__new_alias (list=0x7fffffffcf90, dir=0x0, name=0x725cec "unc_cha_clockticks", desc=0x725d08 "Uncore cache clock ticks. Unit: uncore_cha ",
> > >     val=0x725cff "event=0,", long_desc=0x0, topic=0x725d34 "uncore other", unit=0x0, perpkg=0x6ca7c6 "1", metric_expr=0x0, metric_name=0x0) at util/pmu.c:255
> > >     #'6  0x0000000000518789 in pmu_add_cpu_aliases (head=0x7fffffffcf90, name=0x2450903 "uncore_cha_9") at util/pmu.c:571
> > >     #'7  0x00000000005188ac in pmu_lookup (name=0x2450903 "uncore_cha_9") at util/pmu.c:613
> > >     #'8  0x0000000000518aff in perf_pmu__find (name=0x2450903 "uncore_cha_9") at util/pmu.c:672
> > >     #'9  0x00000000005183d5 in pmu_read_sysfs () at util/pmu.c:467
> > >     #'10 0x0000000000518a54 in perf_pmu__scan (pmu=0x0) at util/pmu.c:651
> > >     #'11 0x0000000000519f26 in print_pmu_events (event_glob=0x0, name_only=false, quiet_flag=false, long_desc=false, details_flag=false) at util/pmu.c:1173
> > >     #'12 0x00000000004d5ef0 in print_events (event_glob=0x0, name_only=false, quiet_flag=false, long_desc=false, details_flag=false) at util/parse-events.c:2343
> > >     #'13 0x000000000043c7d4 in cmd_list (argc=0, argv=0x7fffffffeb90) at builtin-list.c:56
> > >     #'14 0x00000000004ab2c8 in run_builtin (p=0xa281a0 <commands+192>, argc=1, argv=0x7fffffffeb90) at perf.c:296
> > >     #15 0x00000000004ab535 in handle_internal_command (argc=1, argv=0x7fffffffeb90) at perf.c:348
> > >     #16 0x00000000004ab687 in run_argv (argcp=0x7fffffffe9ec, argv=0x7fffffffe9e0) at perf.c:392
> > >     #17 0x00000000004aba55 in main (argc=1, argv=0x7fffffffeb90) at perf.c:530
> > > 
