From: "Steven Rostedt (VMware)" <rostedt@xxxxxxxxxxx> The error paths of create_file_fd() after the handle is allocated, jumps to the out_free label. This will call tracecmd_output_close(), which will clean up the allocated tracecmd_output handle. This includes the options list. But there's two error paths that will jump to out_free before the options list is initialized. If an error occurs in one of these two locations, then walking the option list will cause a segfault. Initialize the option list immediately after the allocation of the handle and before any of the error paths that jump to out_free. Signed-off-by: Steven Rostedt (VMware) <rostedt@xxxxxxxxxxx> --- lib/trace-cmd/trace-output.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/trace-cmd/trace-output.c b/lib/trace-cmd/trace-output.c index b3d0fe7e..78a25350 100644 --- a/lib/trace-cmd/trace-output.c +++ b/lib/trace-cmd/trace-output.c @@ -938,6 +938,8 @@ create_file_fd(int fd, struct tracecmd_input *ihandle, return NULL; memset(handle, 0, sizeof(*handle)); + list_head_init(&handle->options); + handle->fd = fd; if (tracing_dir) { handle->tracing_dir = strdup(tracing_dir); @@ -950,8 +952,6 @@ create_file_fd(int fd, struct tracecmd_input *ihandle, if (select_file_version(handle, ihandle)) goto out_free; - list_head_init(&handle->options); - buf[0] = 23; buf[1] = 8; buf[2] = 68; -- 2.29.2
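Review bot: In the first hunk, list_head_init(&handle->options) now has to stay ahead of every goto out_free in create_file_fd(), but nothing at that line records the constraint. A short comment there would keep a later reorder from reintroducing the segfault. It should say that tracecmd_output_close() walks handle->options and that the preceding memset() alone does not leave the list head in a state that can be walked. Since the early error paths now reach tracecmd_output_close() with little more than handle->fd assigned, it is also worth confirming that every other member it releases is safe while still zeroed.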