| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Oct 2018 12:48:52 -0300
From: Arnaldo Carvalho de Melo <acme@...hat.com>
To: Sanskriti Sharma <sansharm@...hat.com>
Cc: linux-kernel@...r.kernel.org, Jiri Olsa <jolsa@...hat.com>,
Joe Lawrence <joe.lawrence@...hat.com>
Subject: Re: [PATCH 4/5] perf tools: avoid double free in read_event_file()
Em Tue, Oct 02, 2018 at 10:29:13AM -0400, Sanskriti Sharma escreveu:
> The temporary 'buf' buffer allocated in read_event_file() may be freed
> twice. Move the free() call to the common function exit point.
>
> Fixes the following coverity complaints:
>
> Error: USE_AFTER_FREE (CWE-825):
> tools/perf/util/trace-event-read.c:309: double_free: Calling "free"
> frees pointer "buf" which has already been freed.
Thanks, applied.
- Arnaldo
> Signed-off-by: Sanskriti Sharma <sansharm@...hat.com>
> ---
> tools/perf/util/trace-event-read.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/tools/perf/util/trace-event-read.c b/tools/perf/util/trace-event-read.c
> index 3dfc1db..6a0d0f2 100644
> --- a/tools/perf/util/trace-event-read.c
> +++ b/tools/perf/util/trace-event-read.c
> @@ -297,10 +297,8 @@ static int read_event_file(struct tep_handle *pevent, char *sys,
> }
>
> ret = do_read(buf, size);
> - if (ret < 0) {
> - free(buf);
> + if (ret < 0)
> goto out;
> - }
>
> ret = parse_event_file(pevent, buf, size, sys);
> if (ret < 0)
> --
> 1.8.3.1
Powered by blists - more mailing lists