Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp4414141pxa; Mon, 10 Aug 2020 08:32:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxcaQ4ZiRnZXMIpPvd3Ccj9HVsSbNPJPNH2pq6q+KROFb0jo+FO4nL74Qi7/+HLtyezQIkr X-Received: by 2002:a17:906:8608:: with SMTP id o8mr23277748ejx.156.1597073531630; Mon, 10 Aug 2020 08:32:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597073531; cv=none; d=google.com; s=arc-20160816; b=YKWEYgSaYgIrLdZ4ogq+KwLdegtZAtYRl1tK+wxww8hy9OgIlR6BylUoyxtcoCOd4Z K7pCwMbqNo8PHClsqowiZPB4pYtqdPDKe6T9wo8/pUSc34zODPp9R1KGlFchyLUvMRlM dBdgNyYiXFR0Rm1CYEEGt+KEUbC5I9Tyfbv2xbX2aXhQHsHILHX2Qe7u+ADMgSt6QJbW NKDZ2SsNjN7kz8xRbeIzlmU4EtwJoj4vbdd9vCC+A1kKqJER3RpTGluFup7CfE+RwTi3 H+e6IevSLrQqyALQsWm+KPrCtqHRtxFU9J1zhwsGego5cJYeqToceGNG6rTgfT2g3nhO tS7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=i6wI8AP0q4bgPddS6jg0vQeg0Xw2yiUHIEYvpmguFfo=; b=XuAOdDnhKER0s+3PRv8ixq0TA37O3UHtPJQGv+iIPVoWwsBiKQnwcPb69rMOPH8HoV A67zXR/nN939FdSEjSnz/CQFc+g6cCPYF/hDyCy7C7AcbpUbExlxaZ+YfztVvV4ZGUVG n5Nprbvu8p1Fu+JQz2KsW//gnF3JDX0owKJOHybpRtpZJVyeBTTX7rXVLrOiGsvEBsGb lXpBah3yKbBRM/bdDO+Z4L0vaTw+EotvxSx/2nyYm3FnWj2Mt0wMiKwEEhBKbLCgUYWH hGgrE2Fjq7cZeWndZPFVsiBChAtg+57xZkDXVwfOUAM5QwsmsS8Evf5sZaoOqtA2eIKt iyDA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=aBLvDmHB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id lc6si5101982ejb.23.2020.08.10.08.31.48; Mon, 10 Aug 2020 08:32:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=aBLvDmHB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729202AbgHJPbW (ORCPT + 99 others); Mon, 10 Aug 2020 11:31:22 -0400 Received: from mail.kernel.org ([198.145.29.99]:38720 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729199AbgHJPbU (ORCPT ); Mon, 10 Aug 2020 11:31:20 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3546020791; Mon, 10 Aug 2020 15:31:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1597073479; bh=Ka0X3R84+wL9sJ0uP64uoi5nGecyy9yu9g4zvt3PM+o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aBLvDmHB0TFvbbfwXCOyM4FQmjlxrFy4Imx8PcH2zPXK1bo0cwbi0Qn2eBAj+VDbm WTGlZOWQZkmqW+icMT1PHElg6NXDOg4e4CkURVacteuDsojrCQMUBL6kMJKr/GqobQ NQMc8wMnXNVFVOegY4nfzT4fIAnLY4+RlL5hOTH0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Philippe Duplessis-Guindon , "Steven Rostedt (VMware)" , Arnaldo Carvalho de Melo , Sasha Levin Subject: [PATCH 4.19 29/48] tools lib traceevent: Fix memory leak in process_dynamic_array_len Date: Mon, 10 Aug 2020 17:21:51 +0200 Message-Id: <20200810151805.639628728@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200810151804.199494191@linuxfoundation.org> References: <20200810151804.199494191@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Philippe Duplessis-Guindon [ Upstream commit e24c6447ccb7b1a01f9bf0aec94939e6450c0b4d ] I compiled with AddressSanitizer and I had these memory leaks while I was using the tep_parse_format function: Direct leak of 28 byte(s) in 4 object(s) allocated from: #0 0x7fb07db49ffe in __interceptor_realloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dffe) #1 0x7fb07a724228 in extend_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:985 #2 0x7fb07a724c21 in __read_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1140 #3 0x7fb07a724f78 in read_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1206 #4 0x7fb07a725191 in __read_expect_type /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1291 #5 0x7fb07a7251df in read_expect_type /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1299 #6 0x7fb07a72e6c8 in process_dynamic_array_len /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:2849 #7 0x7fb07a7304b8 in process_function /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3161 #8 0x7fb07a730900 in process_arg_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3207 #9 0x7fb07a727c0b in process_arg /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1786 #10 0x7fb07a731080 in event_read_print_args /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3285 #11 0x7fb07a731722 in event_read_print /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3369 #12 0x7fb07a740054 in __tep_parse_format /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6335 #13 0x7fb07a74047a in __parse_event /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6389 #14 0x7fb07a740536 in tep_parse_format /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6431 #15 0x7fb07a785acf in parse_event ../../../src/fs-src/fs.c:251 #16 0x7fb07a785ccd in parse_systems ../../../src/fs-src/fs.c:284 #17 0x7fb07a786fb3 in read_metadata ../../../src/fs-src/fs.c:593 #18 0x7fb07a78760e in ftrace_fs_source_init ../../../src/fs-src/fs.c:727 #19 0x7fb07d90c19c in add_component_with_init_method_data ../../../../src/lib/graph/graph.c:1048 #20 0x7fb07d90c87b in add_source_component_with_initialize_method_data ../../../../src/lib/graph/graph.c:1127 #21 0x7fb07d90c92a in bt_graph_add_source_component ../../../../src/lib/graph/graph.c:1152 #22 0x55db11aa632e in cmd_run_ctx_create_components_from_config_components ../../../src/cli/babeltrace2.c:2252 #23 0x55db11aa6fda in cmd_run_ctx_create_components ../../../src/cli/babeltrace2.c:2347 #24 0x55db11aa780c in cmd_run ../../../src/cli/babeltrace2.c:2461 #25 0x55db11aa8a7d in main ../../../src/cli/babeltrace2.c:2673 #26 0x7fb07d5460b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) The token variable in the process_dynamic_array_len function is allocated in the read_expect_type function, but is not freed before calling the read_token function. Free the token variable before calling read_token in order to plug the leak. Signed-off-by: Philippe Duplessis-Guindon Reviewed-by: Steven Rostedt (VMware) Link: https://lore.kernel.org/linux-trace-devel/20200730150236.5392-1-pduplessis@efficios.com Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Sasha Levin --- tools/lib/traceevent/event-parse.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c index 382e476629fb1..c0fcc8af2a3ef 100644 --- a/tools/lib/traceevent/event-parse.c +++ b/tools/lib/traceevent/event-parse.c @@ -2766,6 +2766,7 @@ process_dynamic_array_len(struct event_format *event, struct print_arg *arg, if (read_expected(EVENT_DELIM, ")") < 0) goto out_err; + free_token(token); type = read_token(&token); *tok = token; -- 2.25.1