Re: [PATCH v2 0/7] Final fixes before KS 2.0

On Mon, 17 May 2021 19:21:04 -0400
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:

> On Mon, 17 May 2021 17:21:33 +0300
> "Yordan Karadzhov (VMware)" <y.karadz@xxxxxxxxx> wrote:
> 
> > v2 changes:
> >  - Still showing all CPU plots from the new trace file when
> >    appending [PATCH kernel-shark: Preserve open graphs when
> >    appending data].
> >  - Setting "seq.buffer" to NULL after calling trace_seq_destroy()
> >    in [PATCH kernel-shark: Fix the checking if "trace_seq" was destroyed]
> >  - [PATCH kernel-shark: No slash at the end of KS_PLUGIN_INSTALL_PREFIX]
> >    is new.  
> 
> Hi Yordan,
> 
> I was playing a bit with kernelshark, and found that if I load a file and
> append one, exit, load them again, then click:
> 
>   File -> Sessions -> Restore Last Session
> 
> It crashes.
> 
> Looks to be something is freed and then reused, because when I ran it under
> gdb, it crashed in allocation of memory (asprintf). That usually means that
> something was freed twice, someplace else. Or freed and then used.
> 

Running valgrind, reported this:

==6862== Invalid read of size 8
==6862==    at 0x494CA89: map_collection_back_request (libkshark-collection.c:474)

static int
map_collection_back_request(const struct kshark_entry_collection *col,
			    struct kshark_entry_request *req)
{
	size_t req_first, req_end;
	ssize_t col_index;
	int req_count;

	col_index = map_collection_request_init(col, req, false, &req_end);
	if (col_index == KS_EMPTY_BIN)
		return 0;

	/*
	 * Now loop over the intervals of the collection going backwards till
	 * the end of the inputted request and create a separate request for
	 * each of those interest.
	 */
	req_count = 1;
	while (col_index >= 0 && req_end <= col->break_points[col_index]) {

// col_index can be zero entering this loop.

		if (req_end >= col->resume_points[col_index]) {
			/*
			 * The last entry of the original request is inside
			 * the "col_index" collection interval. Close the
			 * collection request here and return.
			 */
			req->n = req->first - req_end + 1;
			break;
		}

		/*
		 * The last entry of the original request is outside of the
		 * "col_index" interval. Close the collection request at the
		 * end of this interval and move to the next one. Try to make
		 * another request there.
		 */
		req->n = req->first -
			 col->resume_points[col_index] + 1;

		--col_index;

// col_index is decremented (-1)

		if (req_end > col->break_points[col_index]) {

Reading a negative index in an array.

Which is where valgrind reported. But I don't think this is what caused the
crash.

-- Steve
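
The index pattern annotated in the message above, as an added example that is not part of the original message or of KernelShark's code: a simplified backward walk over interval arrays in which the decremented index is re-checked before it is used again. The names demo_resume, demo_break and demo_count_back and the sample intervals are hypothetical and constructed for illustration; this is not the project's fix.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>	/* ssize_t */

/* Constructed sample data: interval i covers [demo_resume[i], demo_break[i]]. */
static const size_t demo_resume[] = { 10, 30, 50 };
static const size_t demo_break[]  = { 20, 40, 60 };
#define DEMO_SIZE (sizeof(demo_break) / sizeof(demo_break[0]))

/*
 * Hypothetical, simplified model of the backward walk: count how many
 * intervals a request starting in interval col_index and ending at
 * req_end touches. Returns -1 on a bad starting index.
 */
static int demo_count_back(ssize_t col_index, size_t req_end)
{
	int req_count = 1;

	if (col_index < 0 || (size_t)col_index >= DEMO_SIZE)
		return -1;

	while (col_index >= 0 && req_end <= demo_break[col_index]) {
		if (req_end >= demo_resume[col_index])
			break;	/* request ends inside this interval */

		--col_index;

		/*
		 * The while condition is only checked at the top of the loop,
		 * so the decremented index must be re-checked before it is
		 * used: entering with col_index == 0 makes it -1 here.
		 */
		if (col_index < 0)
			break;

		if (req_end > demo_break[col_index])
			break;	/* request ends in the gap after this interval */

		++req_count;
	}
	return req_count;
}

int main(void)
{
	printf("%d %d %d\n", demo_count_back(0, 5), demo_count_back(2, 5), demo_count_back(2, 35));
	return 0;
}
```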



