Date: Wed, 24 Aug 2022 07:57:33 -0700
Message-Id: <20220824145733.409005-1-irogers@google.com>
Subject: [PATCH v2] perf sched: Fix memory leaks in __cmd_record
From: Ian Rogers
To: Peter Zijlstra, Ingo Molnar, Arnaldo Carvalho de Melo, Mark Rutland, Alexander Shishkin, Jiri Olsa, Namhyung Kim, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Stephane Eranian, Ian Rogers

An array of strings is passed to cmd_record but not freed. As cmd_record
modifies the array, add another array as a copy that can be mutated
allowing the original array contents to all be freed.

Detected with -fsanitize=address.

Signed-off-by: Ian Rogers
---
 tools/perf/builtin-sched.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/tools/perf/builtin-sched.c b/tools/perf/builtin-sched.c
index 2f6cd1b8b662..a5cf243c337f 100644
--- a/tools/perf/builtin-sched.c
+++ b/tools/perf/builtin-sched.c
@@ -3355,7 +3355,8 @@ static bool schedstat_events_exposed(void) static int __cmd_record(int argc, const char **argv) { unsigned int rec_argc, i, j; - const char **rec_argv; + char **rec_argv; + const char **rec_argv_copy; const char * const record_args[] =3D { "record", "-a", @@ -3384,6 +3385,7 @@ static int __cmd_record(int argc, const char **argv) ARRAY_SIZE(schedstat_args) : 0; =20 struct tep_event *waking_event; + int ret; =20 /* * +2 for either "-e", "sched:sched_wakeup" or @@ -3391,14 +3393,18 @@ static int __cmd_record(int argc, const char **argv) */ rec_argc =3D ARRAY_SIZE(record_args) + 2 + schedstat_argc + argc - 1; rec_argv =3D calloc(rec_argc + 1, sizeof(char *)); - if (rec_argv =3D=3D NULL) return -ENOMEM; + rec_argv_copy =3D calloc(rec_argc + 1, sizeof(char *)); + if (rec_argv_copy =3D=3D NULL) { + free(rec_argv); + return -ENOMEM; + } =20 for (i =3D 0; i < ARRAY_SIZE(record_args); i++) rec_argv[i] =3D strdup(record_args[i]); =20 - rec_argv[i++] =3D "-e"; + rec_argv[i++] =3D strdup("-e"); waking_event =3D trace_event__tp_format("sched", "sched_waking"); if (!IS_ERR(waking_event)) rec_argv[i++] =3D strdup("sched:sched_waking"); @@ -3409,11 +3415,19 @@ static int __cmd_record(int argc, const char **argv) rec_argv[i++] =3D strdup(schedstat_args[j]); =20 for (j =3D 1; j < (unsigned int)argc; j++, i++) - rec_argv[i] =3D argv[j]; + rec_argv[i] =3D strdup(argv[j]); =20 BUG_ON(i !=3D rec_argc); =20 - return cmd_record(i, rec_argv); + memcpy(rec_argv_copy, rec_argv, sizeof(char *) * rec_argc); + ret =3D cmd_record(rec_argc, rec_argv_copy); + + for (i =3D 0; i < rec_argc; i++) + free(rec_argv[i]); + free(rec_argv); + free(rec_argv_copy); + + return ret; } =20 int cmd_sched(int argc, const char **argv) --=20 2.37.2.609.g9ff673ca1a-goog
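Review bot: the strdup("-e") added in the @@ -3391 hunk is not checked for NULL, and the same holds for the strdup(argv[j]) added in the @@ -3409 hunk. If one of them fails, i is still incremented, so BUG_ON(i != rec_argc) passes and cmd_record() is called with rec_argc larger than the number of valid entries, with a NULL slot in the middle of the array. Since the function now has a cleanup sequence at the end, consider checking each strdup() result and jumping to a shared label that runs the free loop and returns -ENOMEM; free(NULL) is a no-op and the array comes from calloc(), so the loop is safe on a partially filled rec_argv.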
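Review bot: in the @@ -3409 hunk, the memcpy() into rec_argv_copy ahead of cmd_record() has no comment saying why a second array exists; the reason (cmd_record modifies the array it is handed, so the original pointers have to be kept in rec_argv to be freed) is only in the commit message. A one-line comment above the memcpy() would stop a later cleanup from passing rec_argv directly again and reintroducing the leak or freeing reordered pointers. It is also worth noting there that only rec_argc pointers are copied and the terminating NULL in rec_argv_copy comes from the calloc(rec_argc + 1, ...) in the earlier hunk.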