| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Aug 2018 10:07:22 +0200
From: Jiri Olsa <jolsa@...hat.com>
To: Stephane Eranian <eranian@...gle.com>
Cc: linux-kernel@...r.kernel.org, acme@...hat.com,
peterz@...radead.org, mingo@...e.hu
Subject: Re: [PATCH v2] perf ordered_events: fix crash in free_dup_event()
On Wed, Aug 08, 2018 at 03:33:20PM -0700, Stephane Eranian wrote:
> This patch fixes a bug in ordered_event.c:alloc_event().
> An ordered_event struct was not initialized properly potentially
> causing crashes later on in free_dup_event() depending on the
> content of the memory. If it was NULL, then it would work fine,
> otherwise, it could cause crashes such as:
I'm now little puzzled what do we use this first event for..
I can't see anything special about it, other than it's added
on the list uninitialized ;-)
it seems to work properly when we ditch it.. might be some
prehistoric leftover or I'm terribly missing something
thanks,
jirka
---
diff --cc tools/perf/util/ordered-events.c
index bad9e0296e9a,0e837b0b8582..000000000000
--- a/tools/perf/util/ordered-events.c
+++ b/tools/perf/util/ordered-events.c
@@@ -119,12 -119,8 +119,9 @@@ static struct ordered_event *alloc_even
pr("alloc size %" PRIu64 "B (+%zu), max %" PRIu64 "B\n",
oe->cur_alloc_size, size, oe->max_alloc_size);
+ oe->cur_alloc_size += size;
- list_add(&oe->buffer->list, &oe->to_free);
-
- /* First entry is abused to maintain the to_free list. */
- oe->buffer_idx = 2;
- new = oe->buffer + 1;
+ oe->buffer_idx = 1;
+ new = oe->buffer;
} else {
pr("allocation limit reached %" PRIu64 "B\n", oe->max_alloc_size);
}
Powered by blists - more mailing lists