[PATCH v2] lib subcmd: Avoid segv/use-after-free when commands aren't excluded

From: Ian Rogers
Date: Fri Jul 07 2023 - 19:09:37 EST


The array shortening may perform unnecessary array copies. Before
commit 657a3efee43a ("lib subcmd: Avoid memory leak in exclude_cmds")
this was benign, but afterwards this could lead to a segv.

Fixes: 657a3efee43a ("lib subcmd: Avoid memory leak in exclude_cmds")
Signed-off-by: Ian Rogers <irogers@xxxxxxxxxx>
---
tools/lib/subcmd/help.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/tools/lib/subcmd/help.c b/tools/lib/subcmd/help.c
index 67a8d6b740ea..adfbae27dc36 100644
--- a/tools/lib/subcmd/help.c
+++ b/tools/lib/subcmd/help.c
@@ -68,8 +68,13 @@ void exclude_cmds(struct cmdnames *cmds, struct cmdnames *excludes)
while (ci < cmds->cnt && ei < excludes->cnt) {
cmp = strcmp(cmds->names[ci]->name, excludes->names[ei]->name);
if (cmp < 0) {
- zfree(&cmds->names[cj]);
- cmds->names[cj++] = cmds->names[ci++];
+ if (ci == cj) {
+ ci++;
+ cj++;
+ } else {
+ zfree(&cmds->names[cj]);
+ cmds->names[cj++] = cmds->names[ci++];
+ }
} else if (cmp == 0) {
ci++;
ei++;
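Review bot: The `else` branch still calls `zfree(&cmds->names[cj])` before overwriting slot `cj`, and after the first move that slot holds the same pointer that was just stored at `cj - 1`, so the free releases a kept entry and leaves a dangling pointer in the compacted array. The `ci == cj` shortcut only covers the case where nothing has been excluded yet; once an exclude has matched, the free-then-move pair runs as before. Freeing the excluded entry where it is matched (`zfree(&cmds->names[ci]);` in the `cmp == 0` branch) and clearing the source on a move (`cmds->names[cj++] = cmds->names[ci];` then `cmds->names[ci++] = NULL;`) removes the alias. The tail loop in the second hunk has the same pair and needs the same change. The function body starts and ends outside this hunk.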
@@ -77,10 +82,11 @@ void exclude_cmds(struct cmdnames *cmds, struct cmdnames *excludes)
ei++;
}
}
-
- while (ci < cmds->cnt) {
- zfree(&cmds->names[cj]);
- cmds->names[cj++] = cmds->names[ci++];
+ if (ci != cj) {
+ while (ci < cmds->cnt) {
+ zfree(&cmds->names[cj]);
+ cmds->names[cj++] = cmds->names[ci++];
+ }
}
for (ci = cj; ci < cmds->cnt; ci++)
zfree(&cmds->names[ci]);
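Review bot: When the first loop exits with `ci == cj` but `ci < cmds->cnt` (the excludes ran out before any command matched), the new `if (ci != cj)` guard skips the copy but leaves `cj` where it was. The `for (ci = cj; ci < cmds->cnt; ci++)` loop directly below then frees every remaining command, none of which was excluded. The in-place case needs `cj` advanced to the end, for example `else cj = cmds->cnt;` on the guard. The code after this loop is outside the hunk; if it uses `cj` as the new count, the list would also be truncated and any caller holding those names would see freed memory.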
--
2.41.0.390.g38632f3daf-goog