2023-09-14 23:55:06

by Ian Rogers

[permalink] [raw]
Subject: [PATCH v1] perf parse-events: Fix tracepoint name memory leak

Fuzzing found that an invalid tracepoint name would create a memory
leak with an address sanitizer build:
```
$ perf stat -e '*:o/' true
event syntax error: '*:o/'
\___ parser error
Run 'perf list' for a list of valid events

Usage: perf stat [<options>] [<command>]

-e, --event <event> event selector. use 'perf list' to list available events

=================================================================
==59380==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4 byte(s) in 2 object(s) allocated from:
#0 0x7f38ac07077b in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:439
#1 0x55f2f41be73b in str util/parse-events.l:49
#2 0x55f2f41d08e8 in parse_events_lex util/parse-events.l:338
#3 0x55f2f41dc3b1 in parse_events_parse util/parse-events-bison.c:1464
#4 0x55f2f410b8b3 in parse_events__scanner util/parse-events.c:1822
#5 0x55f2f410d1b9 in __parse_events util/parse-events.c:2094
#6 0x55f2f410e57f in parse_events_option util/parse-events.c:2279
#7 0x55f2f4427b56 in get_value tools/lib/subcmd/parse-options.c:251
#8 0x55f2f4428d98 in parse_short_opt tools/lib/subcmd/parse-options.c:351
#9 0x55f2f4429d80 in parse_options_step tools/lib/subcmd/parse-options.c:539
#10 0x55f2f442acb9 in parse_options_subcommand tools/lib/subcmd/parse-options.c:654
#11 0x55f2f3ec99fc in cmd_stat tools/perf/builtin-stat.c:2501
#12 0x55f2f4093289 in run_builtin tools/perf/perf.c:322
#13 0x55f2f40937f5 in handle_internal_command tools/perf/perf.c:375
#14 0x55f2f4093bbd in run_argv tools/perf/perf.c:419
#15 0x55f2f409412b in main tools/perf/perf.c:535

SUMMARY: AddressSanitizer: 4 byte(s) leaked in 2 allocation(s).
```
Fix by adding the missing destructor.

Fixes: 865582c3f48e ("perf tools: Adds the tracepoint name parsing support")
Signed-off-by: Ian Rogers <[email protected]>
---
tools/perf/util/parse-events.y | 1 +
1 file changed, 1 insertion(+)

diff --git a/tools/perf/util/parse-events.y b/tools/perf/util/parse-events.y
index 786393106ae6..a41c5d265d8e 100644
--- a/tools/perf/util/parse-events.y
+++ b/tools/perf/util/parse-events.y
@@ -103,6 +103,7 @@ static void free_list_evsel(struct list_head* list_evsel)
%type <list_evsel> groups
%destructor { free_list_evsel ($$); } <list_evsel>
%type <tracepoint_name> tracepoint_name
+%destructor { free ($$.sys); free ($$.event); } <tracepoint_name>
%type <hardware_term> PE_TERM_HW
%destructor { free ($$.str); } <hardware_term>

--
2.42.0.283.g2d96d420d3-goog


2023-09-21 19:40:47

by Namhyung Kim

[permalink] [raw]
Subject: Re: [PATCH v1] perf parse-events: Fix tracepoint name memory leak

On Thu, Sep 14, 2023 at 9:40 AM Ian Rogers <[email protected]> wrote:
>
> Fuzzing found that an invalid tracepoint name would create a memory
> leak with an address sanitizer build:
> ```
> $ perf stat -e '*:o/' true
> event syntax error: '*:o/'
> \___ parser error
> Run 'perf list' for a list of valid events
>
> Usage: perf stat [<options>] [<command>]
>
> -e, --event <event> event selector. use 'perf list' to list available events
>
> =================================================================
> ==59380==ERROR: LeakSanitizer: detected memory leaks
>
> Direct leak of 4 byte(s) in 2 object(s) allocated from:
> #0 0x7f38ac07077b in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:439
> #1 0x55f2f41be73b in str util/parse-events.l:49
> #2 0x55f2f41d08e8 in parse_events_lex util/parse-events.l:338
> #3 0x55f2f41dc3b1 in parse_events_parse util/parse-events-bison.c:1464
> #4 0x55f2f410b8b3 in parse_events__scanner util/parse-events.c:1822
> #5 0x55f2f410d1b9 in __parse_events util/parse-events.c:2094
> #6 0x55f2f410e57f in parse_events_option util/parse-events.c:2279
> #7 0x55f2f4427b56 in get_value tools/lib/subcmd/parse-options.c:251
> #8 0x55f2f4428d98 in parse_short_opt tools/lib/subcmd/parse-options.c:351
> #9 0x55f2f4429d80 in parse_options_step tools/lib/subcmd/parse-options.c:539
> #10 0x55f2f442acb9 in parse_options_subcommand tools/lib/subcmd/parse-options.c:654
> #11 0x55f2f3ec99fc in cmd_stat tools/perf/builtin-stat.c:2501
> #12 0x55f2f4093289 in run_builtin tools/perf/perf.c:322
> #13 0x55f2f40937f5 in handle_internal_command tools/perf/perf.c:375
> #14 0x55f2f4093bbd in run_argv tools/perf/perf.c:419
> #15 0x55f2f409412b in main tools/perf/perf.c:535
>
> SUMMARY: AddressSanitizer: 4 byte(s) leaked in 2 allocation(s).
> ```
> Fix by adding the missing destructor.
>
> Fixes: 865582c3f48e ("perf tools: Adds the tracepoint name parsing support")
> Signed-off-by: Ian Rogers <[email protected]>

Applied to perf-tools-next, thanks!