| Message ID | 20241213233205.633927-1-ihor.solodrai@pm.me (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [dwarves] btf_encoder: fix memory access bugs | expand |
| Context | Check | Description |
|---|---|---|
| netdev/tree_selection | success | Not a local patch |
On 13/12/2024 23:32, Ihor Solodrai wrote: > When compiled with address sanitizer, a couple of errors were reported > on pahole BTF encoding: > * A memory leak of strdup(func->alias), due to unchecked > reassignment. > * A read of uninitialized memory in gobuffer__sort or bsearch in > case btf_funcs gobuffer is empty. > > Used compiler flags: > -fsanitize=undefined,address > -fsanitize-recover=address > -fno-omit-frame-pointer > > I stumbled on these while working on [1]. > > [1] https://lore.kernel.org/dwarves/20241213223641.564002-1-ihor.solodrai@pm.me/ > > Signed-off-by: Ihor Solodrai <ihor.solodrai@pm.me> Good catches! Two nits below, but Reviewed-by: Alan Maguire <alan.maguire@oracle.com> > --- > btf_encoder.c | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/btf_encoder.c b/btf_encoder.c > index 3754884..520ff58 100644 > --- a/btf_encoder.c > +++ b/btf_encoder.c > @@ -1793,6 +1793,9 @@ static int btf_encoder__collect_btf_funcs(struct btf_encoder *encoder, struct go > goto out; > } > > + if (gobuffer__nr_entries(funcs) <= 0) == 0 should be fine here since the return value is an unsigned int > + return 0; > + > /* Now that we've collected funcs, sort them by name */ > gobuffer__sort(funcs, sizeof(struct btf_func), btf_func_cmp); > > @@ -1954,6 +1957,11 @@ static int btf_encoder__tag_kfuncs(struct btf_encoder *encoder) > goto out; > } > > + if (gobuffer__nr_entries(&btf_funcs) <= 0) { ditto here > + err = 0; > + goto out; > + } > + > /* First collect all kfunc set ranges. > * > * Note we choose not to sort these ranges and accept a linear > @@ -2607,7 +2615,8 @@ int btf_encoder__encode_cu(struct btf_encoder *encoder, struct cu *cu, struct co > ", has optimized-out parameters" : > fn->proto.unexpected_reg ? ", has unexpected register use by params" : > ""); > - func->alias = strdup(name); > + if (!func->alias) > + func->alias = strdup(name); > } > } > } else {
diff --git a/btf_encoder.c b/btf_encoder.c index 3754884..520ff58 100644 --- a/btf_encoder.c +++ b/btf_encoder.c @@ -1793,6 +1793,9 @@ static int btf_encoder__collect_btf_funcs(struct btf_encoder *encoder, struct go goto out; } + if (gobuffer__nr_entries(funcs) <= 0) + return 0; + /* Now that we've collected funcs, sort them by name */ gobuffer__sort(funcs, sizeof(struct btf_func), btf_func_cmp); @@ -1954,6 +1957,11 @@ static int btf_encoder__tag_kfuncs(struct btf_encoder *encoder) goto out; } + if (gobuffer__nr_entries(&btf_funcs) <= 0) { + err = 0; + goto out; + } + /* First collect all kfunc set ranges. * * Note we choose not to sort these ranges and accept a linear @@ -2607,7 +2615,8 @@ int btf_encoder__encode_cu(struct btf_encoder *encoder, struct cu *cu, struct co ", has optimized-out parameters" : fn->proto.unexpected_reg ? ", has unexpected register use by params" : ""); - func->alias = strdup(name); + if (!func->alias) + func->alias = strdup(name); } } } else {
When compiled with address sanitizer, a couple of errors were reported on pahole BTF encoding: * A memory leak of strdup(func->alias), due to unchecked reassignment. * A read of uninitialized memory in gobuffer__sort or bsearch in case btf_funcs gobuffer is empty. Used compiler flags: -fsanitize=undefined,address -fsanitize-recover=address -fno-omit-frame-pointer I stumbled on these while working on [1]. [1] https://lore.kernel.org/dwarves/20241213223641.564002-1-ihor.solodrai@pm.me/ Signed-off-by: Ihor Solodrai <ihor.solodrai@pm.me> --- btf_encoder.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)