The parse events parser leaks memory for certain expressions as well as allowing a char* to reference stack, heap or .rodata. This series of patches improves the hygeine and adds free-ing operations to reclaim memory in the parser in error and non-error situations. The series of patches was generated with LLVM's address sanitizer and libFuzzer: https://llvm.org/docs/LibFuzzer.html called on the parse_events function with randomly generated input. With the patches no leaks or memory corruption issues were present. The v4 patches address review comments from Jiri Olsa, turning a long error message into a single warning, fixing the data type in a list iterator and reordering patches. The v3 patches address review comments from Jiri Olsa improving commit messages, handling ENOMEM errors from strdup better, and removing a printed warning if an invalid event is passed. The v2 patches are preferable to an earlier proposed patch: perf tools: avoid reading out of scope array Ian Rogers (9): perf tools: add parse events handle error perf tools: move ALLOC_LIST into a function perf tools: avoid a malloc for array events perf tools: splice events onto evlist even on error perf tools: ensure config and str in terms are unique perf tools: add destructors for parse event terms perf tools: before yyabort-ing free components perf tools: if pmu configuration fails free terms perf tools: add a deep delete for parse event terms tools/perf/util/parse-events.c | 177 ++++++++++----- tools/perf/util/parse-events.h | 3 + tools/perf/util/parse-events.y | 388 ++++++++++++++++++++++++--------- tools/perf/util/pmu.c | 32 +-- 4 files changed, 433 insertions(+), 167 deletions(-) -- 2.24.0.rc0.303.g954a862665-goog
