Date: Thu, 20 Oct 2022 17:23:24 -0400
From: Steven Rostedt
To: Shang XiaoJing
Subject: Re: [PATCH] tools lib traceevent: Fix double free in event_read_fields()
Message-ID: <20221020172324.66c6927f@gandalf.local.home>
In-Reply-To: <20221017085937.8583-1-shangxiaojing@huawei.com>
References: <20221017085937.8583-1-shangxiaojing@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 17 Oct 2022 16:59:37 +0800
Shang XiaoJing wrote:

> There is a double free in event_read_fields(). After calling free_token()
> to free the token, if append() failed, then goto fail, which will call
> free_token() again. Triggered by compiling with perf and run "perf sched
> record". Fix the double free by goto fail_expect instead of fail while
> append() failed, which won't call redundant free_token().
>
> BUG: double free
> free(): double free detected in tcache 2
> Aborted
>
> Fixes: d286447f23cd ("tools lib traceevent: Handle realloc() failure path")
> Signed-off-by: Shang XiaoJing
> ---
> tools/lib/traceevent/event-parse.c | 2 +-

tool/lib/traceevent is deprecated. Can you send this patch to
linux-trace-devel@vger.kernel.org against

  https://git.kernel.org/pub/scm/libs/libtrace/libtraceevent.git/

Thanks!

-- Steve

> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c > index 8e24c4c78c7f..e0a5a22fe702 100644 > --- a/tools/lib/traceevent/event-parse.c > +++ b/tools/lib/traceevent/event-parse.c 
> @@ -1594,7 +1594,7 @@ static int event_read_fields(struct tep_event *event, struct tep_format_field ** > ret = append(&brackets, "", "]"); > if (ret < 0) { > free(brackets); > - goto fail; > + goto fail_expect; > } > > /* add brackets to type */
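
Review bot: In the `if (ret < 0)` branch after `append(&brackets, "", "]")`, the new `goto fail_expect;` is only correct if fail_expect releases everything that fail does apart from the token, and neither label is visible in this hunk. The commit message should state what fail_expect frees, in particular that the partially built field is not leaked on this path. A more robust alternative is to set the token pointer to NULL right after the earlier free_token() call, so that both fail and fail_expect stay safe and any other `goto fail` between that free_token() and the next token read is covered by the same fix. It is also worth confirming that those neighbouring error paths do not have the same double free, since only one site is changed here. As noted in the reply, the patch needs to be rebased onto libtraceevent.git and resent to linux-trace-devel@vger.kernel.org.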