perf header: Fix memory leaks when processing feature headers
Bugzilla: https://bugzilla.redhat.com/2069073 upstream ======== commit 4747395082abc67c700a75e4cf3b796e79c7cf3a Author: Ian Rogers <irogers@google.com> Date: Thu Nov 18 12:17:30 2021 -0800 description =========== These leaks were found with leak sanitizer running "perf pipe recording and injection test". In pipe mode feat_fd may hold onto an events struct that needs freeing. When string features are processed they may overwrite an already created string, so free this before the overwrite. Signed-off-by: Michael Petlan <mpetlan@redhat.com>
This commit is contained in:
Michael Petlan
parent
81eca81503
commit
560cbb2e89
|
|
@ -2321,6 +2321,7 @@ out:
|
||||||
#define FEAT_PROCESS_STR_FUN(__feat, __feat_env) \
|
#define FEAT_PROCESS_STR_FUN(__feat, __feat_env) \
|
||||||
static int process_##__feat(struct feat_fd *ff, void *data __maybe_unused) \
|
static int process_##__feat(struct feat_fd *ff, void *data __maybe_unused) \
|
||||||
{\
|
{\
|
||||||
|
free(ff->ph->env.__feat_env); \
|
||||||
ff->ph->env.__feat_env = do_read_string(ff); \
|
ff->ph->env.__feat_env = do_read_string(ff); \
|
||||||
return ff->ph->env.__feat_env ? 0 : -ENOMEM; \
|
return ff->ph->env.__feat_env ? 0 : -ENOMEM; \
|
||||||
}
|
}
|
||||||
|
|
@ -4124,6 +4125,7 @@ int perf_event__process_feature(struct perf_session *session,
|
||||||
struct perf_record_header_feature *fe = (struct perf_record_header_feature *)event;
|
struct perf_record_header_feature *fe = (struct perf_record_header_feature *)event;
|
||||||
int type = fe->header.type;
|
int type = fe->header.type;
|
||||||
u64 feat = fe->feat_id;
|
u64 feat = fe->feat_id;
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
if (type < 0 || type >= PERF_RECORD_HEADER_MAX) {
|
if (type < 0 || type >= PERF_RECORD_HEADER_MAX) {
|
||||||
pr_warning("invalid record type %d in pipe-mode\n", type);
|
pr_warning("invalid record type %d in pipe-mode\n", type);
|
||||||
|
|
@ -4141,11 +4143,13 @@ int perf_event__process_feature(struct perf_session *session,
|
||||||
ff.size = event->header.size - sizeof(*fe);
|
ff.size = event->header.size - sizeof(*fe);
|
||||||
ff.ph = &session->header;
|
ff.ph = &session->header;
|
||||||
|
|
||||||
if (feat_ops[feat].process(&ff, NULL))
|
if (feat_ops[feat].process(&ff, NULL)) {
|
||||||
return -1;
|
ret = -1;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
if (!feat_ops[feat].print || !tool->show_feat_hdr)
|
if (!feat_ops[feat].print || !tool->show_feat_hdr)
|
||||||
return 0;
|
goto out;
|
||||||
|
|
||||||
if (!feat_ops[feat].full_only ||
|
if (!feat_ops[feat].full_only ||
|
||||||
tool->show_feat_hdr >= SHOW_FEAT_HEADER_FULL_INFO) {
|
tool->show_feat_hdr >= SHOW_FEAT_HEADER_FULL_INFO) {
|
||||||
|
|
@ -4154,8 +4158,9 @@ int perf_event__process_feature(struct perf_session *session,
|
||||||
fprintf(stdout, "# %s info available, use -I to display\n",
|
fprintf(stdout, "# %s info available, use -I to display\n",
|
||||||
feat_ops[feat].name);
|
feat_ops[feat].name);
|
||||||
}
|
}
|
||||||
|
out:
|
||||||
return 0;
|
free_event_desc(ff.events);
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
size_t perf_event__fprintf_event_update(union perf_event *event, FILE *fp)
|
size_t perf_event__fprintf_event_update(union perf_event *event, FILE *fp)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue