1. Patchew
  2. linux
  3. [PATCH v1 0/3] 2 memory fixes and a build fix
  4. View patch

[PATCH v1 1/3] perf disasm: Fix capstone memory leak

Ian Rogers posted 3 patches 2 months ago
[PATCH v1 1/3] perf disasm: Fix capstone memory leak
Posted by Ian Rogers 2 months ago 
The insn argument passed to cs_disasm needs freeing. To support
accurately having count, add an additional free_count variable.

Fixes: c5d60de1813a ("perf annotate: Add support to use libcapstone in powerpc")
Signed-off-by: Ian Rogers <irogers@google.com>
---
 tools/perf/util/disasm.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/tools/perf/util/disasm.c b/tools/perf/util/disasm.c
index f05ba7739c1e..2c8063660f2e 100644
--- a/tools/perf/util/disasm.c
+++ b/tools/perf/util/disasm.c
@@ -1627,12 +1627,12 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
 	u64 start = map__rip_2objdump(map, sym->start);
 	u64 len;
 	u64 offset;
-	int i, count;
+	int i, count, free_count;
 	bool is_64bit = false;
 	bool needs_cs_close = false;
 	u8 *buf = NULL;
 	csh handle;
-	cs_insn *insn;
+	cs_insn *insn = NULL;
 	char disasm_buf[512];
 	struct disasm_line *dl;
 
@@ -1664,7 +1664,7 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
 
 	needs_cs_close = true;
 
-	count = cs_disasm(handle, buf, len, start, len, &insn);
+	free_count = count = cs_disasm(handle, buf, len, start, len, &insn);
 	for (i = 0, offset = 0; i < count; i++) {
 		int printed;
 
@@ -1702,8 +1702,11 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
 	}
 
 out:
-	if (needs_cs_close)
+	if (needs_cs_close) {
 		cs_close(&handle);
+		if (free_count > 0)
+			cs_free(insn, free_count);
+	}
 	free(buf);
 	return count < 0 ? count : 0;
 
-- 
2.46.0.792.g87dc391469-goog
Re: [PATCH v1 1/3] perf disasm: Fix capstone memory leak
Posted by Namhyung Kim 2 months ago 
On Mon, Sep 23, 2024 at 05:37:18PM -0700, Ian Rogers wrote:
> The insn argument passed to cs_disasm needs freeing. To support
> accurately having count, add an additional free_count variable.
> 
> Fixes: c5d60de1813a ("perf annotate: Add support to use libcapstone in powerpc")
> Signed-off-by: Ian Rogers <irogers@google.com>
> ---
>  tools/perf/util/disasm.c | 11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/tools/perf/util/disasm.c b/tools/perf/util/disasm.c
> index f05ba7739c1e..2c8063660f2e 100644
> --- a/tools/perf/util/disasm.c
> +++ b/tools/perf/util/disasm.c
> @@ -1627,12 +1627,12 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
>  	u64 start = map__rip_2objdump(map, sym->start);
>  	u64 len;
>  	u64 offset;
> -	int i, count;
> +	int i, count, free_count;
>  	bool is_64bit = false;
>  	bool needs_cs_close = false;
>  	u8 *buf = NULL;
>  	csh handle;
> -	cs_insn *insn;
> +	cs_insn *insn = NULL;
>  	char disasm_buf[512];
>  	struct disasm_line *dl;
>  
> @@ -1664,7 +1664,7 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
>  
>  	needs_cs_close = true;
>  
> -	count = cs_disasm(handle, buf, len, start, len, &insn);
> +	free_count = count = cs_disasm(handle, buf, len, start, len, &insn);
>  	for (i = 0, offset = 0; i < count; i++) {
>  		int printed;
>  
> @@ -1702,8 +1702,11 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
>  	}
>  
>  out:
> -	if (needs_cs_close)
> +	if (needs_cs_close) {
>  		cs_close(&handle);
> +		if (free_count > 0)
> +			cs_free(insn, free_count);

It seems cs_free() can handle NULL insn and 0 free_count (like regular free)
so we can call it unconditionally.

Thanks,
Namhyung


> +	}
>  	free(buf);
>  	return count < 0 ? count : 0;
>  
> -- 
> 2.46.0.792.g87dc391469-goog
>
Re: [PATCH v1 1/3] perf disasm: Fix capstone memory leak
Posted by Ian Rogers 2 months ago 
On Tue, Sep 24, 2024 at 11:38 AM Namhyung Kim <namhyung@kernel.org> wrote:
>
> On Mon, Sep 23, 2024 at 05:37:18PM -0700, Ian Rogers wrote:
> > The insn argument passed to cs_disasm needs freeing. To support
> > accurately having count, add an additional free_count variable.
> >
> > Fixes: c5d60de1813a ("perf annotate: Add support to use libcapstone in powerpc")
> > Signed-off-by: Ian Rogers <irogers@google.com>
> > ---
> >  tools/perf/util/disasm.c | 11 +++++++----
> >  1 file changed, 7 insertions(+), 4 deletions(-)
> >
> > diff --git a/tools/perf/util/disasm.c b/tools/perf/util/disasm.c
> > index f05ba7739c1e..2c8063660f2e 100644
> > --- a/tools/perf/util/disasm.c
> > +++ b/tools/perf/util/disasm.c
> > @@ -1627,12 +1627,12 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
> >       u64 start = map__rip_2objdump(map, sym->start);
> >       u64 len;
> >       u64 offset;
> > -     int i, count;
> > +     int i, count, free_count;
> >       bool is_64bit = false;
> >       bool needs_cs_close = false;
> >       u8 *buf = NULL;
> >       csh handle;
> > -     cs_insn *insn;
> > +     cs_insn *insn = NULL;
> >       char disasm_buf[512];
> >       struct disasm_line *dl;
> >
> > @@ -1664,7 +1664,7 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
> >
> >       needs_cs_close = true;
> >
> > -     count = cs_disasm(handle, buf, len, start, len, &insn);
> > +     free_count = count = cs_disasm(handle, buf, len, start, len, &insn);
> >       for (i = 0, offset = 0; i < count; i++) {
> >               int printed;
> >
> > @@ -1702,8 +1702,11 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
> >       }
> >
> >  out:
> > -     if (needs_cs_close)
> > +     if (needs_cs_close) {
> >               cs_close(&handle);
> > +             if (free_count > 0)
> > +                     cs_free(insn, free_count);
>
> It seems cs_free() can handle NULL insn and 0 free_count (like regular free)
> so we can call it unconditionally.

No, on error from cs_disasm free_count gets assigned -1 and my
experience was things crashing.

Thanks,
Ian

>
> > +     }
> >       free(buf);
> >       return count < 0 ? count : 0;
> >
> > --
> > 2.46.0.792.g87dc391469-goog
> >
Re: [PATCH v1 1/3] perf disasm: Fix capstone memory leak
Posted by Namhyung Kim 2 months ago 
On Tue, Sep 24, 2024 at 12:51:20PM -0700, Ian Rogers wrote:
> On Tue, Sep 24, 2024 at 11:38 AM Namhyung Kim <namhyung@kernel.org> wrote:
> >
> > On Mon, Sep 23, 2024 at 05:37:18PM -0700, Ian Rogers wrote:
> > > The insn argument passed to cs_disasm needs freeing. To support
> > > accurately having count, add an additional free_count variable.
> > >
> > > Fixes: c5d60de1813a ("perf annotate: Add support to use libcapstone in powerpc")
> > > Signed-off-by: Ian Rogers <irogers@google.com>
> > > ---
> > >  tools/perf/util/disasm.c | 11 +++++++----
> > >  1 file changed, 7 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/tools/perf/util/disasm.c b/tools/perf/util/disasm.c
> > > index f05ba7739c1e..2c8063660f2e 100644
> > > --- a/tools/perf/util/disasm.c
> > > +++ b/tools/perf/util/disasm.c
> > > @@ -1627,12 +1627,12 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
> > >       u64 start = map__rip_2objdump(map, sym->start);
> > >       u64 len;
> > >       u64 offset;
> > > -     int i, count;
> > > +     int i, count, free_count;
> > >       bool is_64bit = false;
> > >       bool needs_cs_close = false;
> > >       u8 *buf = NULL;
> > >       csh handle;
> > > -     cs_insn *insn;
> > > +     cs_insn *insn = NULL;
> > >       char disasm_buf[512];
> > >       struct disasm_line *dl;
> > >
> > > @@ -1664,7 +1664,7 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
> > >
> > >       needs_cs_close = true;
> > >
> > > -     count = cs_disasm(handle, buf, len, start, len, &insn);
> > > +     free_count = count = cs_disasm(handle, buf, len, start, len, &insn);
> > >       for (i = 0, offset = 0; i < count; i++) {
> > >               int printed;
> > >
> > > @@ -1702,8 +1702,11 @@ static int symbol__disassemble_capstone(char *filename, struct symbol *sym,
> > >       }
> > >
> > >  out:
> > > -     if (needs_cs_close)
> > > +     if (needs_cs_close) {
> > >               cs_close(&handle);
> > > +             if (free_count > 0)
> > > +                     cs_free(insn, free_count);
> >
> > It seems cs_free() can handle NULL insn and 0 free_count (like regular free)
> > so we can call it unconditionally.
> 
> No, on error from cs_disasm free_count gets assigned -1 and my
> experience was things crashing.
 
Ok then, I thought it returns 0 on error.

Thanks,
Namhyung

> >
> > > +     }
> > >       free(buf);
> > >       return count < 0 ? count : 0;
> > >
> > > --
> > > 2.46.0.792.g87dc391469-goog
> > >

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.