Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1840002ybb; Thu, 2 Apr 2020 08:17:13 -0700 (PDT) X-Google-Smtp-Source: APiQypJf9AWaBeTZVdU7RIDSZ4v6Fo4A9WywuwMDRUtnoWp7Si4uQ3pHhl+Z3Af7upcK1syCjGLW X-Received: by 2002:aca:c70f:: with SMTP id x15mr2580316oif.80.1585840632794; Thu, 02 Apr 2020 08:17:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585840632; cv=none; d=google.com; s=arc-20160816; b=ycJ1IT/4DMhOXtQEYdJfew56ZsMkq715lg4iL2m71HqjLgrydmEQfOOWjOENGsiBm+ 4OYMmrDWBJMPPvgJtSG/usPHppd04qmZc3+chGniPOOVZOx3JzkjowttrDr8L0UnNw4Z x8vqk/qgyaRLGezU/S2kwfOr4PyXOEnKmvArnEI2DBScHSKd6RWVO1r8PYS9AtUSNio8 5r682StyVydJg3SN2Y9iE6w58nnAnrkS1Ijg2F0YMbNW1JNxTbWhsPNWwLgub658fqtT I0tIuRcJrUrG1u0l+5NN+ZvHP9B9raKkPpe1gfFVf4LiJ1HKo8rwjTXu9L61oYkVHeVH YKgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:date:from :dkim-signature; bh=7DOnlMAmUGrvuNJe9zRYvf+vBCh6g5Wg70XvECaItbA=; b=qlj0j7CXehoBtba+KfRtypa+SYHHve9qOCwWu1XfgTr2QD5shgVJOrNkHuBDaUkMJf c+O7srZ8M8nDNS1L009W1FYTaHYadIoCCIaLTSivRIvgpbxIdLrV8KQvPKT5DXMGx+7F X+qUn65aUt3K5E7dtyyUZNROXxchcGAGh7wEdv0JE/7+TQLguMwT/7pKVvTYCso384eY Cs0CSNgVk2XV7rxNBC2Bb2TzpEVhfNaGcrANkhZ3/FyjrZpgboLUggbCCcYVJq96BBhs xk6yVD715M0tn/sqvYwb7YlY3ymR2DP6p3zg43K+Bgjr7pefgPPsDpKKU7TCpgxDpbF1 I5xA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=tykPZ8QP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i187si2543788oif.89.2020.04.02.08.16.55; Thu, 02 Apr 2020 08:17:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=tykPZ8QP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388978AbgDBPPl (ORCPT + 99 others); Thu, 2 Apr 2020 11:15:41 -0400 Received: from mail-qv1-f66.google.com ([209.85.219.66]:40099 "EHLO mail-qv1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388234AbgDBPPl (ORCPT ); Thu, 2 Apr 2020 11:15:41 -0400 Received: by mail-qv1-f66.google.com with SMTP id bp12so1821206qvb.7; Thu, 02 Apr 2020 08:15:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=7DOnlMAmUGrvuNJe9zRYvf+vBCh6g5Wg70XvECaItbA=; b=tykPZ8QP/Lz82M2xLKPH0CjS8kdpF4ZkBbWYRzd9VH4EMM39PGBnDa6u702X42gjkI n8wirJpSKbJWcwkwQhfZdYdg591Cb8MYQ8ZV+jB6BPxEqHKDuD97SMiIy3NfJxQUPMM+ mX9HtMgcnmIVbSXEXOktfB1/3YANrldGHXkH6UJtfczPYi2OFZ9CidYkEUNTPVixl9eH Us6fXD2l3I4OTsmHC4XHhJcNpnM4PIyVz/icbU/qocAQ5G819CVQaILl0RO9YH/DHDez zihbK9DfCpbTHIxXFEWbJxVoHH5suZr8rZzO1XlWEDV8ZTwfA0y+dVxKs5EdIMReHnu/ +v9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:date:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=7DOnlMAmUGrvuNJe9zRYvf+vBCh6g5Wg70XvECaItbA=; b=FUPioPyh6nUsmL2vPLOloLGjlFjZcv5d3eDdDCY3Fq69JGWEgRTl9nTR5ei78qrzx6 uAONyc+rPReoRSoPsuoSbUVXaV4aS8SF5wHSJbNWyOG+nDKEQCURgqTCy3s50tJGc1Nj SiJXqBliQLCSOdL45gGYgP9EBdvqLE49P4/n2AmTVhbx8SclYpkEC78kqjSoor9LopNU tEZwiGzpgj1jUHDSKMJIfJSky7GDpr9ZTBxQZU1tBZK9m13YndHWJyh5ZKgnJbjVfeZU TkLfSZd2Uh4u2j6hSxr+8qFUb+BbQqaqcRC07mHr31ZantVqr62W/TD3hmWH0QOnDJYt DSCw== X-Gm-Message-State: AGi0PuZmG/nwYXfd9gR7BynKc9EpNQC912h8XA9P4ORHQVm+389ny380 3anyBYXT9DobPDsfA2c1AQE= X-Received: by 2002:a0c:f684:: with SMTP id p4mr3598084qvn.172.1585840540410; Thu, 02 Apr 2020 08:15:40 -0700 (PDT) Received: from quaco.ghostprotocols.net ([179.97.37.151]) by smtp.gmail.com with ESMTPSA id f11sm1460510qkh.41.2020.04.02.08.15.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Apr 2020 08:15:39 -0700 (PDT) From: Arnaldo Carvalho de Melo X-Google-Original-From: Arnaldo Carvalho de Melo Received: by quaco.ghostprotocols.net (Postfix, from userid 1000) id 981C9409A3; Thu, 2 Apr 2020 12:15:37 -0300 (-03) Date: Thu, 2 Apr 2020 12:15:37 -0300 To: Andreas Gerstmayr Cc: linux-perf-users@vger.kernel.org, Peter Zijlstra , Ingo Molnar , Mark Rutland , Alexander Shishkin , Jiri Olsa , Namhyung Kim , linux-kernel@vger.kernel.org Subject: Re: [PATCH] perf script: fix invalid read Message-ID: <20200402151537.GA8736@kernel.org> References: <05e0d633-54b4-fb3b-3d08-8963271017ea@amd.com> <20200402124337.419456-1-agerstmayr@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200402124337.419456-1-agerstmayr@redhat.com> X-Url: http://acmel.wordpress.com Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Em Thu, Apr 02, 2020 at 02:43:38PM +0200, Andreas Gerstmayr escreveu: > closedir(lang_dir) frees the memory of script_dirent->d_name, which > gets accessed in the next line in a call to scnprintf(). > > Valgrind report: > > Invalid read of size 1 > ==413557== at 0x483CBE6: strlen (vg_replace_strmem.c:461) > ==413557== by 0x4DD45FD: __vfprintf_internal (vfprintf-internal.c:1688) > ==413557== by 0x4DE6679: __vsnprintf_internal (vsnprintf.c:114) > ==413557== by 0x53A037: vsnprintf (stdio2.h:80) > ==413557== by 0x53A037: scnprintf (vsprintf.c:21) > ==413557== by 0x435202: get_script_path (builtin-script.c:3223) > ==413557== Address 0x52e7313 is 1,139 bytes inside a block of size 32,816 free'd > ==413557== at 0x483AA0C: free (vg_replace_malloc.c:540) > ==413557== by 0x4E303C0: closedir (closedir.c:50) > ==413557== by 0x4351DC: get_script_path (builtin-script.c:3222) Thanks, applied to perf/urgent. - Arnaldo > Signed-off-by: Andreas Gerstmayr > --- > tools/perf/builtin-script.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tools/perf/builtin-script.c b/tools/perf/builtin-script.c > index 656b347f6dd8..170af13b4d53 100644 > --- a/tools/perf/builtin-script.c > +++ b/tools/perf/builtin-script.c > @@ -3218,10 +3218,10 @@ static char *get_script_path(const char *script_root, const char *suffix) > __script_root = get_script_root(script_dirent, suffix); > if (__script_root && !strcmp(script_root, __script_root)) { > free(__script_root); > - closedir(lang_dir); > closedir(scripts_dir); > scnprintf(script_path, MAXPATHLEN, "%s/%s", > lang_path, script_dirent->d_name); > + closedir(lang_dir); > return strdup(script_path); > } > free(__script_root); > -- > 2.25.1 > -- - Arnaldo