Re: [PATCH dwarves] btf_encoder: fix memory access bugs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 13/12/2024 23:32, Ihor Solodrai wrote:
> When compiled with address sanitizer, a couple of errors were reported
> on pahole BTF encoding:
>   * A memory leak of strdup(func->alias), due to unchecked
>     reassignment.
>   * A read of uninitialized memory in gobuffer__sort or bsearch in
>     case btf_funcs gobuffer is empty.
> 
> Used compiler flags:
>     -fsanitize=undefined,address
>     -fsanitize-recover=address
>     -fno-omit-frame-pointer
> 
> I stumbled on these while working on [1].
> 
> [1] https://lore.kernel.org/dwarves/20241213223641.564002-1-ihor.solodrai@xxxxx/
> 
> Signed-off-by: Ihor Solodrai <ihor.solodrai@xxxxx>

Good catches! Two nits below, but

Reviewed-by: Alan Maguire <alan.maguire@xxxxxxxxxx>

> ---
>  btf_encoder.c | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/btf_encoder.c b/btf_encoder.c
> index 3754884..520ff58 100644
> --- a/btf_encoder.c
> +++ b/btf_encoder.c
> @@ -1793,6 +1793,9 @@ static int btf_encoder__collect_btf_funcs(struct btf_encoder *encoder, struct go
>  			goto out;
>  	}
>  
> +	if (gobuffer__nr_entries(funcs) <= 0)

== 0 should be fine here since the return value is an unsigned int

> +		return 0;
> +
>  	/* Now that we've collected funcs, sort them by name */
>  	gobuffer__sort(funcs, sizeof(struct btf_func), btf_func_cmp);
>  
> @@ -1954,6 +1957,11 @@ static int btf_encoder__tag_kfuncs(struct btf_encoder *encoder)
>  		goto out;
>  	}
>  
> +	if (gobuffer__nr_entries(&btf_funcs) <= 0) {

ditto here

> +		err = 0;
> +		goto out;
> +	}
> +
>  	/* First collect all kfunc set ranges.
>  	 *
>  	 * Note we choose not to sort these ranges and accept a linear
> @@ -2607,7 +2615,8 @@ int btf_encoder__encode_cu(struct btf_encoder *encoder, struct cu *cu, struct co
>  						       ", has optimized-out parameters" :
>  						       fn->proto.unexpected_reg ? ", has unexpected register use by params" :
>  						       "");
> -					func->alias = strdup(name);
> +					if (!func->alias)
> +						func->alias = strdup(name);
>  				}
>  			}
>  		} else {





[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux