diff options
| author | Ian Rogers <irogers@google.com> | 2026-03-06 16:22:22 -0800 |
|---|---|---|
| committer | Namhyung Kim <namhyung@kernel.org> | 2026-03-10 23:17:13 -0700 |
| commit | ad2f6258dd1d484f328d5cdcc1bc760419636cb2 (patch) | |
| tree | 9beefd2285cd7fff47723f0a47922cf4a52b8859 /tools/perf/scripts/python/bin | |
| parent | f182573e06abb635f320b0fd0e60972c4c2467c5 (diff) | |
perf disasm: Fix potential use-after-free on fileloc
The fileloc is a copy of a pointer to a string but in places like
symbol_disassemble__llvm this string appears to be freed setting up
potential use-after-frees:
llvm.c:
```
dl = disasm_line__new(args);
if (dl == NULL)
goto err;
annotation_line__add(&dl->al, ¬es->src->source);
free(args->fileloc);
```
disasm.c:
```
static void annotation_line__init(struct annotation_line *al,
struct annotate_args *args,
int nr)
{
al->offset = args->offset;
al->line = strdup(args->line);
al->line_nr = args->line_nr;
al->fileloc = args->fileloc;
al->data_nr = nr;
}
struct disasm_line *disasm_line__new(struct annotate_args *args)
{
struct disasm_line *dl = NULL;
struct annotation *notes = symbol__annotation(args->ms->sym);
int nr = notes->src->nr_events;
dl = zalloc(disasm_line_size(nr));
if (!dl)
return NULL;
annotation_line__init(&dl->al, args, nr);
```
Fix this by making the fileloc a copy of the underlying string in its
init/exit.
Signed-off-by: Ian Rogers <irogers@google.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Diffstat (limited to 'tools/perf/scripts/python/bin')
0 files changed, 0 insertions, 0 deletions