lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 14 Mar 2020 15:23:32 +0100 From: Jiri Olsa <jolsa@...hat.com> To: Ian Rogers <irogers@...gle.com> Cc: Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>, Arnaldo Carvalho de Melo <acme@...nel.org>, Mark Rutland <mark.rutland@....com>, Alexander Shishkin <alexander.shishkin@...ux.intel.com>, Namhyung Kim <namhyung@...nel.org>, linux-kernel@...r.kernel.org, clang-built-linux@...glegroups.com, Stephane Eranian <eranian@...gle.com> Subject: Re: [PATCH] perf mem2node: avoid double free related to realloc On Fri, Mar 13, 2020 at 09:28:26PM -0700, Ian Rogers wrote: > Realloc of size zero is a free not an error, avoid this causing a double > free. Caught by clang's address sanitizer: > > ==2634==ERROR: AddressSanitizer: attempting double-free on 0x6020000015f0 in thread T0: > #0 0x5649659297fd in free llvm/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:123:3 > #1 0x5649659e9251 in __zfree tools/lib/zalloc.c:13:2 > #2 0x564965c0f92c in mem2node__exit tools/perf/util/mem2node.c:114:2 > #3 0x564965a08b4c in perf_c2c__report tools/perf/builtin-c2c.c:2867:2 > #4 0x564965a0616a in cmd_c2c tools/perf/builtin-c2c.c:2989:10 > #5 0x564965944348 in run_builtin tools/perf/perf.c:312:11 > #6 0x564965943235 in handle_internal_command tools/perf/perf.c:364:8 > #7 0x5649659440c4 in run_argv tools/perf/perf.c:408:2 > #8 0x564965942e41 in main tools/perf/perf.c:538:3 > > 0x6020000015f0 is located 0 bytes inside of 1-byte region [0x6020000015f0,0x6020000015f1) > freed by thread T0 here: > #0 0x564965929da3 in realloc third_party/llvm/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:164:3 > #1 0x564965c0f55e in mem2node__init tools/perf/util/mem2node.c:97:16 > #2 0x564965a08956 in perf_c2c__report tools/perf/builtin-c2c.c:2803:8 > #3 0x564965a0616a in cmd_c2c tools/perf/builtin-c2c.c:2989:10 > #4 0x564965944348 in run_builtin tools/perf/perf.c:312:11 > #5 0x564965943235 in handle_internal_command tools/perf/perf.c:364:8 > #6 0x5649659440c4 in run_argv tools/perf/perf.c:408:2 > #7 0x564965942e41 in main tools/perf/perf.c:538:3 > > previously allocated by thread T0 here: > #0 0x564965929c42 in calloc third_party/llvm/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3 > #1 0x5649659e9220 in zalloc tools/lib/zalloc.c:8:9 > #2 0x564965c0f32d in mem2node__init tools/perf/util/mem2node.c:61:12 > #3 0x564965a08956 in perf_c2c__report tools/perf/builtin-c2c.c:2803:8 > #4 0x564965a0616a in cmd_c2c tools/perf/builtin-c2c.c:2989:10 > #5 0x564965944348 in run_builtin tools/perf/perf.c:312:11 > #6 0x564965943235 in handle_internal_command tools/perf/perf.c:364:8 > #7 0x5649659440c4 in run_argv tools/perf/perf.c:408:2 > #8 0x564965942e41 in main tools/perf/perf.c:538:3 > > Signed-off-by: Ian Rogers <irogers@...gle.com> > --- > tools/perf/util/mem2node.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tools/perf/util/mem2node.c b/tools/perf/util/mem2node.c > index 797d86a1ab09..7f97aa69eb65 100644 > --- a/tools/perf/util/mem2node.c > +++ b/tools/perf/util/mem2node.c > @@ -95,7 +95,7 @@ int mem2node__init(struct mem2node *map, struct perf_env *env) > > /* Cut unused entries, due to merging. */ > tmp_entries = realloc(entries, sizeof(*entries) * j); > - if (tmp_entries) > + if (j == 0 || tmp_entries) nice catch.. I wonder if we should fail in here, or at least warn that there're no entris.. which is really strange ;-) thanks, jirka > entries = tmp_entries; > > for (i = 0; i < j; i++) { > -- > 2.25.1.481.gfbce0eb801-goog >
Powered by blists - more mailing lists