[PATCH 33/38] trace-cmd record: prevent memory corruption in parse_record_options()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In parse_record_options() we can end up using a deleted instance after
options have been parsed. This can be triggered by the following
command:
$ trace-cmd record -v -e block -B foo  ls

We probably need a proper to avoid to end up in this situation, but in
the mean time, check that the current instance isn't marked for
deletion before calling remove_instances(). That at least prevent an
hard to debug memory corruption bug.

Fixes a USE_AFTER_FREE error (CWE-416)

Signed-off-by: Jerome Marchand <jmarchan@xxxxxxxxxx>
---
 tracecmd/trace-record.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c
index 770e775b..dc3e5285 100644
--- a/tracecmd/trace-record.c
+++ b/tracecmd/trace-record.c
@@ -6909,6 +6909,8 @@ static void parse_record_options(int argc,
 		}
 	}
 
+	if (ctx->instance->delete)
+		die("Instance to be deleted is still used");
 	remove_instances(del_list);
 
 	/* If --date is specified, prepend it to all guest VM flags */
-- 
2.44.0





[Index of Archives]     [Linux USB Development]     [Linux USB Development]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux