Re: [PATCH urgent] perf data: Fix double free in perf_session__delete
From: Jiri Olsa
Date: Sun Feb 20 2022 - 17:46:24 EST
On Fri, Feb 18, 2022 at 06:23:41PM +0300, Alexey Bayduraev wrote:
> When perf_data__create_dir fails, it calls close_dir, but
> perf_session__delete also calls close_dir and since dir.version and
> dir.nr was initialized by perf_data__create_dir, a double free occurs.
> This patch moves the initialization of dir.version and dir.nr after
> successful initialization of dir.files, that prevents double freeing.
> This behavior is already implemented in perf_data__open_dir.
>
> Fixes: 145520631130bd64 ("perf data: Add perf_data__(create_dir|close_dir) functions")
> Signed-off-by: Alexey Bayduraev <alexey.v.bayduraev@xxxxxxxxxxxxxxx>
Acked-by: Jiri Olsa <jolsa@xxxxxxxxxx>
thanks,
jirka
> ---
> tools/perf/util/data.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/tools/perf/util/data.c b/tools/perf/util/data.c
> index f5d260b1df4d..15a4547d608e 100644
> --- a/tools/perf/util/data.c
> +++ b/tools/perf/util/data.c
> @@ -44,10 +44,6 @@ int perf_data__create_dir(struct perf_data *data, int nr)
> if (!files)
> return -ENOMEM;
>
> - data->dir.version = PERF_DIR_VERSION;
> - data->dir.files = files;
> - data->dir.nr = nr;
> -
> for (i = 0; i < nr; i++) {
> struct perf_data_file *file = &files[i];
>
> @@ -62,6 +58,9 @@ int perf_data__create_dir(struct perf_data *data, int nr)
> file->fd = ret;
> }
>
> + data->dir.version = PERF_DIR_VERSION;
> + data->dir.files = files;
> + data->dir.nr = nr;
> return 0;
>
> out_err:
> --
> 2.19.0
>