| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 May 2020 16:52:02 -0700
From: Ian Rogers <irogers@...gle.com>
To: Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...hat.com>,
Namhyung Kim <namhyung@...nel.org>,
Adrian Hunter <adrian.hunter@...el.com>,
Leo Yan <leo.yan@...aro.org>,
Jin Yao <yao.jin@...ux.intel.com>, linux-kernel@...r.kernel.org
Cc: Stephane Eranian <eranian@...gle.com>,
Ian Rogers <irogers@...gle.com>
Subject: [PATCH] perf parse-events: Avoid free on non malloc-ed memory
Caught by libfuzzer, there is a segfault with:
$ perf stat -e i/bs,tsc,L2/o sleep 1
As a config_term is added that isn't a string.
Fixes: e8dfb81838b1 (perf parse-events: Fix memory leaks found on parse_events)
Signed-off-by: Ian Rogers <irogers@...gle.com>
---
tools/perf/util/parse-events.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/perf/util/parse-events.c b/tools/perf/util/parse-events.c
index e9464b04f149..e37a6a3e6217 100644
--- a/tools/perf/util/parse-events.c
+++ b/tools/perf/util/parse-events.c
@@ -1480,7 +1480,8 @@ int parse_events_add_pmu(struct parse_events_state *parse_state,
list_for_each_entry_safe(pos, tmp, &config_terms, list) {
list_del_init(&pos->list);
- zfree(&pos->val.str);
+ if (pos->free_str)
+ zfree(&pos->val.str);
free(pos);
}
return -EINVAL;
--
2.26.2.645.ge9eca65c58-goog
Powered by blists - more mailing lists