Commit 196e3558 authored Aug 29, 2023 by Ian Rogers Committed by Arnaldo Carvalho de Melo Aug 30, 2023

perf pmu: Avoid uninitialized use of alias->str



alias is allocated with malloc allowing uninitialized memory to be
accessed.

The initialization of str was moved late after it could have been
updated by a JSON event, however, this create a potential for an
uninitialized use.

Fix this by assigning str to NULL early.

Testing on ARM (Raspberry Pi) showed a memory leak in the same code so
add a zfree.

Fixes: f63a536f ("perf pmu: Merge JSON events with sysfs at load time")
Reported-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ian Rogers <irogers@google.com>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Ian Rogers <irogers@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Clark <james.clark@arm.com>
Cc: Jing Zhang <renyu.zj@linux.alibaba.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sumanth Korikkar <sumanthk@linux.ibm.com>
Cc: Thomas Richter <tmricht@linux.ibm.com>
Link: https://lore.kernel.org/r/20230830000545.1638964-1-irogers@google.com


Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

parent d2045f87

tools/perf/util/pmu.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -532,6 +532,7 @@ static int perf_pmu__new_alias(struct perf_pmu pmu, const char name,
		if (!alias)
		return -ENOMEM;

		alias->str = NULL;
		INIT_LIST_HEAD(&alias->terms);
		alias->scale = 1.0;
		alias->unit[0] = '\0';
		@@ -593,6 +594,7 @@ static int perf_pmu__new_alias(struct perf_pmu pmu, const char name,
		ret += scnprintf(newval + ret, sizeof(newval) - ret,
		"%s=%s", term->config, term->val.str);
		}
		zfree(&alias->str);
		alias->str = strdup(newval);
		if (!pe)
		pmu->sysfs_aliases++;