lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAM9d7chDMu4Cye2QGvbzzPRc8HNtM31despY0ohW_peEqjgsmg@mail.gmail.com>
Date:	Thu, 12 May 2016 21:57:13 +0900
From:	Namhyung Kim <namhyung@...nel.org>
To:	Steven Rostedt <rostedt@...dmis.org>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Arnaldo Carvalho de Melo <acme@...nel.org>,
	Ingo Molnar <mingo@...nel.org>
Subject: Re: [PATCH] tools lib traceevent: Do not reassign parg after collapse_tree()

Hi Steve,

On Thu, May 12, 2016 at 4:09 AM, Steven Rostedt <rostedt@...dmis.org> wrote:
>
> At the end of process_filter(), collapse_tree() was changed to update the
> parg parameter, but the reassignment after the call wasn't removed.
> What happens is that the "current_op" gets modified and freed and parg
> is assigned to the new allocated argument. But after the call to
> collapse_tree(), parg is assigned again to the just freed "current_op",
> and this causes the tool to crash.
>
> current_op must also be assigned to NULL in case of error, otherwise it
> will cause it to be free()ed twice.
>
> Cc: stable@...r.kernel.org # 3.14+
> Fixes: 42d6194d133c ("tools lib traceevent: Refactor process_filter()")
> Signed-off-by: Steven Rostedt <rostedt@...dmis.org>

Acked-by: Namhyung Kim <namhyung@...nel.org>

Thanks,
Namhyung


> ---
>  tools/lib/traceevent/parse-filter.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/tools/lib/traceevent/parse-filter.c b/tools/lib/traceevent/parse-filter.c
> index 0144b3d1bb77..88cccea3ca99 100644
> --- a/tools/lib/traceevent/parse-filter.c
> +++ b/tools/lib/traceevent/parse-filter.c
> @@ -1164,11 +1164,11 @@ process_filter(struct event_format *event, struct filter_arg **parg,
>                 current_op = current_exp;
>
>         ret = collapse_tree(current_op, parg, error_str);
> +       /* collapse_tree() may free current_op, and updates parg accordingly */
> +       current_op = NULL;
>         if (ret < 0)
>                 goto fail;
>
> -       *parg = current_op;
> -
>         free(token);
>         return 0;
>
> --
> 1.8.3.1
>



-- 
Thanks,
Namhyung

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ