lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sun, 14 Jun 2020 21:50:41 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Gaurav Singh <gaurav1086@...il.com>
Cc:     Arnaldo Carvalho de Melo <acme@...hat.com>,
        Tzvetomir Stoyanov <tstoyanov@...are.com>,
        Konstantin Khlebnikov <khlebnikov@...dex-team.ru>,
        Sakari Ailus <sakari.ailus@...ux.intel.com>,
        linux-kernel@...r.kernel.org (open list)
Subject: Re: [PATCH] [traceevent] add_new_comm(): Fix memory leak

On Sun, 14 Jun 2020 14:14:53 -0400
Gaurav Singh <gaurav1086@...il.com> wrote:

> The pointer cmdlines need to be explicity freed in case the
> realloc() fails. Fix it by adding a free() if realloc()
> returns a NULL pointer.
> 
> Signed-off-by: Gaurav Singh <gaurav1086@...il.com>
> ---
>  tools/lib/traceevent/event-parse.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c
> index e1bd2a93c6db..7f0133420931 100644
> --- a/tools/lib/traceevent/event-parse.c
> +++ b/tools/lib/traceevent/event-parse.c
> @@ -284,12 +284,13 @@ static int add_new_comm(struct tep_handle *tep,
>  		return 0;
>  	}
>  
> -	cmdlines = realloc(cmdlines, sizeof(*cmdlines) * (tep->cmdline_count + 1));
> -	if (!cmdlines) {
> +	struct tep_cmdline *new_cmdlines = realloc(cmdlines, sizeof(*cmdlines) * (tep->cmdline_count + 1));
> +	if (!new_cmdlines) {
> +		free(cmdlines);
>  		errno = ENOMEM;

NAK! This was fine as is.

What you just did was make tep->cmdline point to freed data, which will
crash later on when tep is freed, and we free tep->cmdline.

If we fail to realloc, then the caller of add_new_comm will get the report
that it failed, and then can determine what to do next. We don't want to
touch tep->cmdline on failure.

-- Steve


>  		return -1;
>  	}
> -	tep->cmdlines = cmdlines;
> +	tep->cmdlines = new_cmdlines;
>  
>  	key.comm = strdup(comm);
>  	if (!key.comm) {

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ