| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20181002154752.GD9457@redhat.com>
Date: Tue, 2 Oct 2018 12:47:52 -0300
From: Arnaldo Carvalho de Melo <acme@...hat.com>
To: Sanskriti Sharma <sansharm@...hat.com>
Cc: linux-kernel@...r.kernel.org, Jiri Olsa <jolsa@...hat.com>,
Joe Lawrence <joe.lawrence@...hat.com>
Subject: Re: [PATCH 3/5] perf tools: free 'printk' string in
parse_ftrace_printk()
Em Tue, Oct 02, 2018 at 10:29:12AM -0400, Sanskriti Sharma escreveu:
> parse_ftrace_printk() tokenizes and parses a line, calling strdup() each
> iteration. Add code to free this temporary format string duplicate.
>
> Fixes the following coverity complaints:
>
> Error: RESOURCE_LEAK (CWE-772):
> tools/perf/util/trace-event-parse.c:158: overwrite_var: Overwriting
> "printk" in "printk = strdup(fmt + 1)" leaks the storage that "printk"
> points to.
>
> tools/perf/util/trace-event-parse.c:162: leaked_storage: Variable
> "printk" going out of scope leaks the storage it points to.
Thanks, applied.
- Arnaldo
> Signed-off-by: Sanskriti Sharma <sansharm@...hat.com>
> ---
> tools/perf/util/trace-event-parse.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/tools/perf/util/trace-event-parse.c b/tools/perf/util/trace-event-parse.c
> index e76214f..b15a9bf 100644
> --- a/tools/perf/util/trace-event-parse.c
> +++ b/tools/perf/util/trace-event-parse.c
> @@ -158,6 +158,7 @@ void parse_ftrace_printk(struct tep_handle *pevent,
> printk = strdup(fmt+1);
> line = strtok_r(NULL, "\n", &next);
> tep_register_print_string(pevent, printk, addr);
> + free(printk);
> }
> }
>
> --
> 1.8.3.1
Powered by blists - more mailing lists