Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1340915ybb; Sat, 4 Apr 2020 01:43:33 -0700 (PDT) X-Google-Smtp-Source: APiQypJ29xsSptWOhg5V8ej1UXOKlX6kMNFopqgYjPkWwk8d+8i563YeGuAEmFlInG+kXyBTzZ+S X-Received: by 2002:aca:6184:: with SMTP id v126mr5755969oib.168.1585989813180; Sat, 04 Apr 2020 01:43:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585989813; cv=none; d=google.com; s=arc-20160816; b=x8to8/3ATlepEpuCP7zFkvLJTkw2BucWErcYT6P85hUeYrR0cz3GQrhA/Cictl5hQG R0F2QWE/eLo31kEafgDaoOGgf4kMiKEgf6yBWhhUFJDud/WMEdo8p7X39BYkFlSYlh+X Wfqw2Z2zbZQPoA++GHqjM/FdoeztHOH9IgJImtXvbLW7xJ0gQXMgCYqNgpg0/fy/HGIf 5pRwJKIYe6riLKOPRbLIeVOVbPFGXbe0bigpcgH22rzsj+9+jJjHNtGLk9U9mdKJaLf6 ek8k0oOsjTlpLsoLVP0U2Utqcpj+GwGjIiFv6d4PeNIqvWHLbhMpKqmapuyq8VYzzhBi YwMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :robot-unsubscribe:robot-id:message-id:mime-version:references :in-reply-to:cc:subject:to:reply-to:from:date; bh=Df6lvrDVSxQ7QTnsr2xu7gUG4YWimlKaQcX0Oe2372A=; b=kiCFCTJCVyDwETZV4qgHSenXfh/RkOvViO0nKJnYGevCzzA4TXd0rXe5VGWUnyGLo+ 90tVBfyBU7ZvNfR6ignW/R2QzHo6zbyE6WxnKLAAzLCDajUizkDyXUoyJkaZTS/93CP4 ijpNHM5Y7NzvJcOs3aE0WhfiG0b87Or4BX0wxxKmDqv/6RNUy9YKD31DtJdkDnSbqoI6 YxShXGkYKGxcF3tH4+ahsKcpLkXT2YgGs4RZM68c9GRGIRDJDffFFvpD4J6GGsb5lbFA RENFzduQ9+qoDx0HkgRun7SZ7SxSvGImQgaj37YzboCJ9Ng2xrcQmN8IogKhhFwsaarD 965g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k193si4691812oih.78.2020.04.04.01.43.21; Sat, 04 Apr 2020 01:43:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726406AbgDDImB (ORCPT + 99 others); Sat, 4 Apr 2020 04:42:01 -0400 Received: from Galois.linutronix.de ([193.142.43.55]:41475 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726302AbgDDIl4 (ORCPT ); Sat, 4 Apr 2020 04:41:56 -0400 Received: from [5.158.153.53] (helo=tip-bot2.lab.linutronix.de) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1jKeN2-0000uW-Dy; Sat, 04 Apr 2020 10:41:40 +0200 Received: from [127.0.1.1] (localhost [IPv6:::1]) by tip-bot2.lab.linutronix.de (Postfix) with ESMTP id F38711C0243; Sat, 4 Apr 2020 10:41:39 +0200 (CEST) Date: Sat, 04 Apr 2020 08:41:39 -0000 From: "tip-bot2 for Andreas Gerstmayr" Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: perf/urgent] perf script: Fix invalid read of directory entry after closedir() Cc: Andreas Gerstmayr , Alexander Shishkin , Jiri Olsa , Mark Rutland , Namhyung Kim , Peter Zijlstra , Arnaldo Carvalho de Melo , x86 , LKML In-Reply-To: <20200402124337.419456-1-agerstmayr@redhat.com> References: <20200402124337.419456-1-agerstmayr@redhat.com> MIME-Version: 1.0 Message-ID: <158598969966.28353.9977084020476897493.tip-bot2@tip-bot2> X-Mailer: tip-git-log-daemon Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following commit has been merged into the perf/urgent branch of tip: Commit-ID: 27486a85cb65bd258a9a213b3e95bdf8c24fd781 Gitweb: https://git.kernel.org/tip/27486a85cb65bd258a9a213b3e95bdf8c24fd781 Author: Andreas Gerstmayr AuthorDate: Thu, 02 Apr 2020 14:43:38 +02:00 Committer: Arnaldo Carvalho de Melo CommitterDate: Fri, 03 Apr 2020 10:03:18 -03:00 perf script: Fix invalid read of directory entry after closedir() closedir(lang_dir) frees the memory of script_dirent->d_name, which gets accessed in the next line in a call to scnprintf(). Valgrind report: Invalid read of size 1 ==413557== at 0x483CBE6: strlen (vg_replace_strmem.c:461) ==413557== by 0x4DD45FD: __vfprintf_internal (vfprintf-internal.c:1688) ==413557== by 0x4DE6679: __vsnprintf_internal (vsnprintf.c:114) ==413557== by 0x53A037: vsnprintf (stdio2.h:80) ==413557== by 0x53A037: scnprintf (vsprintf.c:21) ==413557== by 0x435202: get_script_path (builtin-script.c:3223) ==413557== Address 0x52e7313 is 1,139 bytes inside a block of size 32,816 free'd ==413557== at 0x483AA0C: free (vg_replace_malloc.c:540) ==413557== by 0x4E303C0: closedir (closedir.c:50) ==413557== by 0x4351DC: get_script_path (builtin-script.c:3222) Signed-off-by: Andreas Gerstmayr Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Mark Rutland Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lore.kernel.org/lkml/20200402124337.419456-1-agerstmayr@redhat.com Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/builtin-script.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/builtin-script.c b/tools/perf/builtin-script.c index 186ebf8..1f57a7e 100644 --- a/tools/perf/builtin-script.c +++ b/tools/perf/builtin-script.c @@ -3265,10 +3265,10 @@ static char *get_script_path(const char *script_root, const char *suffix) __script_root = get_script_root(script_dirent, suffix); if (__script_root && !strcmp(script_root, __script_root)) { free(__script_root); - closedir(lang_dir); closedir(scripts_dir); scnprintf(script_path, MAXPATHLEN, "%s/%s", lang_path, script_dirent->d_name); + closedir(lang_dir); return strdup(script_path); } free(__script_root);