From: "Steven Rostedt (VMware)" <rostedt@xxxxxxxxxxx>
If a file has no size (nothing is read), then str_read_file() frees the
buffer and returns zero. The problem is that all callers of str_read_file()
uses the buffer supplied if the value returned is not a negative. This
causes the freed buffer being used by the callers if the file read existed
but had no content.
This is apparent when using a copy of the tracefs directory, where some file
exist, but have no content, then loading the events would cause a segfault.
Signed-off-by: Steven Rostedt (VMware) <rostedt@xxxxxxxxxxx>
---
tracefs-utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tracefs-utils.c b/tracefs-utils.c
index 326b455..690506c 100644
--- a/tracefs-utils.c
+++ b/tracefs-utils.c
@@ -220,7 +220,7 @@ __hidden int str_read_file(const char *file, char **buffer)
} while (r > 0);
close(fd);
- if (r == 0 && size > 0) {
+ if (r == 0) {
buf[size] = '\0';
*buffer = buf;
} else
--
2.25.4
|