The parse events parser leaks memory for certain expressions as well as allowing a char* to reference stack, heap or .rodata. This series of patches improves the hygeine and adds free-ing operations to reclaim memory in the parser in error and non-error situations. The series of patches was generated with LLVM's address sanitizer and libFuzzer: https://llvm.org/docs/LibFuzzer.html called on the parse_events function with randomly generated input. With the patches no leaks or memory corruption issues were present. The v3 patches address review comments from Jiri Olsa improving commit messages, handling ENOMEM errors from strdup better, and removing a printed warning if an invalid event is passed. The v2 patches are preferable to an earlier proposed patch: perf tools: avoid reading out of scope array Ian Rogers (9): perf tools: add parse events append error perf tools: splice events onto evlist even on error perf tools: ensure config and str in terms are unique perf tools: move ALLOC_LIST into a function perf tools: avoid a malloc for array events perf tools: add destructors for parse event terms perf tools: before yyabort-ing free components perf tools: if pmu configuration fails free terms perf tools: add a deep delete for parse event terms tools/perf/util/parse-events.c | 193 +++++++++++----- tools/perf/util/parse-events.h | 3 + tools/perf/util/parse-events.y | 388 ++++++++++++++++++++++++--------- tools/perf/util/pmu.c | 32 +-- 4 files changed, 449 insertions(+), 167 deletions(-) -- 2.23.0.866.gb869b98d4c-goog
