diff options
| author | Leo Yan <[email protected]> | 2019-07-02 18:34:13 +0800 |
|---|---|---|
| committer | Arnaldo Carvalho de Melo <[email protected]> | 2019-07-09 09:33:55 -0300 |
| commit | 600c787dbf6521d8d07ee717ab7606d5070103ea (patch) | |
| tree | ed17d832f8dec55368a204f011a08176c4b39210 | |
| parent | 111442cfc8abdeaa7ec1407f07ef7b3e5f76654e (diff) | |
perf annotate: Fix dereferencing freed memory found by the smatch tool
Based on the following report from Smatch, fix the potential
dereferencing freed memory check.
tools/perf/util/annotate.c:1125
disasm_line__parse() error: dereferencing freed memory 'namep'
tools/perf/util/annotate.c
1100 static int disasm_line__parse(char *line, const char **namep, char **rawp)
1101 {
1102 char tmp, *name = ltrim(line);
[...]
1114 *namep = strdup(name);
1115
1116 if (*namep == NULL)
1117 goto out_free_name;
[...]
1124 out_free_name:
1125 free((void *)namep);
^^^^^
1126 *namep = NULL;
^^^^^^
1127 return -1;
1128 }
If strdup() fails to allocate memory space for *namep, we don't need to
free memory with pointer 'namep', which is resident in data structure
disasm_line::ins::name; and *namep is NULL pointer for this failure, so
it's pointless to assign NULL to *namep again.
Committer note:
Freeing namep, which is the address of the first entry of the 'struct
ins' that is the first member of struct disasm_line would in fact free
that disasm_line instance, if it was allocated via malloc/calloc, which,
later, would a dereference of freed memory.
Signed-off-by: Leo Yan <[email protected]>
Acked-by: Jiri Olsa <[email protected]>
Cc: Adrian Hunter <[email protected]>
Cc: Alexander Shishkin <[email protected]>
Cc: Alexey Budankov <[email protected]>
Cc: Alexios Zavras <[email protected]>
Cc: Andi Kleen <[email protected]>
Cc: Changbin Du <[email protected]>
Cc: David S. Miller <[email protected]>
Cc: Davidlohr Bueso <[email protected]>
Cc: Eric Saint-Etienne <[email protected]>
Cc: Jin Yao <[email protected]>
Cc: Konstantin Khlebnikov <[email protected]>
Cc: Mathieu Poirier <[email protected]>
Cc: Namhyung Kim <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Rasmus Villemoes <[email protected]>
Cc: Song Liu <[email protected]>
Cc: Suzuki Poulouse <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Thomas Richter <[email protected]>
Cc: [email protected]
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
| -rw-r--r-- | tools/perf/util/annotate.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c index ec7aaf31c2b2..944a6507a5e3 100644 --- a/tools/perf/util/annotate.c +++ b/tools/perf/util/annotate.c @@ -1119,16 +1119,14 @@ static int disasm_line__parse(char *line, const char **namep, char **rawp) *namep = strdup(name); if (*namep == NULL) - goto out_free_name; + goto out; (*rawp)[0] = tmp; *rawp = skip_spaces(*rawp); return 0; -out_free_name: - free((void *)namep); - *namep = NULL; +out: return -1; } |