diff options
| author | Arnaldo Carvalho de Melo <acme@redhat.com> | 2026-06-06 11:03:29 -0300 |
|---|---|---|
| committer | Arnaldo Carvalho de Melo <acme@redhat.com> | 2026-06-06 11:03:29 -0300 |
| commit | 25627346b10e6a564610ea2c49dc6dd54812226d (patch) | |
| tree | 9d87db2287a8aac2728b38b62c6b9db5066a3625 /tools/perf/scripts/python/net_dropmonitor.py | |
| parent | 75eafe4a3a93a0143a20c0cc286bfb9008ac1478 (diff) | |
perf mmap: Fix NULL deref in aio cleanup on alloc failure
perf_mmap__aio_mmap() sets map->aio.nr_cblocks before allocating the
data array. If calloc() for aiocb or cblocks fails before the data
array is allocated, the return -1 path leads to perf_mmap__aio_munmap()
which loops nr_cblocks times calling perf_mmap__aio_free(). Both
versions of perf_mmap__aio_free() (NUMA and non-NUMA) dereference
map->aio.data[idx] without checking if data is NULL, causing a NULL
pointer dereference.
Add NULL checks for map->aio.data at the top of both
perf_mmap__aio_free() variants so the cleanup path is safe when
allocation fails partway through perf_mmap__aio_mmap().
Fixes: d3d1af6f011a553a ("perf record: Enable asynchronous trace writing")
Reported-by: sashiko-bot <sashiko-bot@kernel.org>
Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
Assisted-by: Claude:claude-opus-4.6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Diffstat (limited to 'tools/perf/scripts/python/net_dropmonitor.py')
0 files changed, 0 insertions, 0 deletions
