Patch "tools lib traceevent: Fix memory leak in process_dynamic_array_len" has been added to the 4.9-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 07 Aug 2020 16:12:43 -0400

This is a note to let you know that I've just added the patch titled

    tools lib traceevent: Fix memory leak in process_dynamic_array_len

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     tools-lib-traceevent-fix-memory-leak-in-process_dyna.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 3f043a9a7517ff04151a936d4e71a60745e87d6e
Author: Philippe Duplessis-Guindon <pduplessis@xxxxxxxxxxxx>
Date:   Thu Jul 30 11:02:36 2020 -0400

    tools lib traceevent: Fix memory leak in process_dynamic_array_len
    
    [ Upstream commit e24c6447ccb7b1a01f9bf0aec94939e6450c0b4d ]
    
    I compiled with AddressSanitizer and I had these memory leaks while I
    was using the tep_parse_format function:
    
        Direct leak of 28 byte(s) in 4 object(s) allocated from:
            #0 0x7fb07db49ffe in __interceptor_realloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dffe)
            #1 0x7fb07a724228 in extend_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:985
            #2 0x7fb07a724c21 in __read_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1140
            #3 0x7fb07a724f78 in read_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1206
            #4 0x7fb07a725191 in __read_expect_type /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1291
            #5 0x7fb07a7251df in read_expect_type /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1299
            #6 0x7fb07a72e6c8 in process_dynamic_array_len /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:2849
            #7 0x7fb07a7304b8 in process_function /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3161
            #8 0x7fb07a730900 in process_arg_token /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3207
            #9 0x7fb07a727c0b in process_arg /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:1786
            #10 0x7fb07a731080 in event_read_print_args /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3285
            #11 0x7fb07a731722 in event_read_print /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:3369
            #12 0x7fb07a740054 in __tep_parse_format /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6335
            #13 0x7fb07a74047a in __parse_event /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6389
            #14 0x7fb07a740536 in tep_parse_format /home/pduplessis/repo/linux/tools/lib/traceevent/event-parse.c:6431
            #15 0x7fb07a785acf in parse_event ../../../src/fs-src/fs.c:251
            #16 0x7fb07a785ccd in parse_systems ../../../src/fs-src/fs.c:284
            #17 0x7fb07a786fb3 in read_metadata ../../../src/fs-src/fs.c:593
            #18 0x7fb07a78760e in ftrace_fs_source_init ../../../src/fs-src/fs.c:727
            #19 0x7fb07d90c19c in add_component_with_init_method_data ../../../../src/lib/graph/graph.c:1048
            #20 0x7fb07d90c87b in add_source_component_with_initialize_method_data ../../../../src/lib/graph/graph.c:1127
            #21 0x7fb07d90c92a in bt_graph_add_source_component ../../../../src/lib/graph/graph.c:1152
            #22 0x55db11aa632e in cmd_run_ctx_create_components_from_config_components ../../../src/cli/babeltrace2.c:2252
            #23 0x55db11aa6fda in cmd_run_ctx_create_components ../../../src/cli/babeltrace2.c:2347
            #24 0x55db11aa780c in cmd_run ../../../src/cli/babeltrace2.c:2461
            #25 0x55db11aa8a7d in main ../../../src/cli/babeltrace2.c:2673
            #26 0x7fb07d5460b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    
    The token variable in the process_dynamic_array_len function is
    allocated in the read_expect_type function, but is not freed before
    calling the read_token function.
    
    Free the token variable before calling read_token in order to plug the
    leak.
    
    Signed-off-by: Philippe Duplessis-Guindon <pduplessis@xxxxxxxxxxxx>
    Reviewed-by: Steven Rostedt (VMware) <rostedt@xxxxxxxxxxx>
    Link: https://lore.kernel.org/linux-trace-devel/20200730150236.5392-1-pduplessis@xxxxxxxxxxxx
    Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/tools/lib/traceevent/event-parse.c b/tools/lib/traceevent/event-parse.c
index 62f4cacf253ab..b9db8739487dc 100644
--- a/tools/lib/traceevent/event-parse.c
+++ b/tools/lib/traceevent/event-parse.c
@@ -2764,6 +2764,7 @@ process_dynamic_array_len(struct event_format *event, struct print_arg *arg,
 	if (read_expected(EVENT_DELIM, ")") < 0)
 		goto out_err;
 
+	free_token(token);
 	type = read_token(&token);
 	*tok = token;
 






