In parse_record_options() we can end up using a deleted instance after
options have been parsed. This can be triggered by the following
command:
$ trace-cmd record -v -e block -B foo ls
We probably need a proper to avoid to end up in this situation, but in
the mean time, check that the current instance isn't marked for
deletion before calling remove_instances(). That at least prevent an
hard to debug memory corruption bug.
Fixes a USE_AFTER_FREE error (CWE-416)
Signed-off-by: Jerome Marchand <jmarchan@xxxxxxxxxx>
---
tracecmd/trace-record.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c
index 770e775b..dc3e5285 100644
--- a/tracecmd/trace-record.c
+++ b/tracecmd/trace-record.c
@@ -6909,6 +6909,8 @@ static void parse_record_options(int argc,
}
}
+ if (ctx->instance->delete)
+ die("Instance to be deleted is still used");
remove_instances(del_list);
/* If --date is specified, prepend it to all guest VM flags */
--
2.44.0
|