Re: [PATCH] tools lib traceevent: Do not reassign parg after collapse_tree()
From: Namhyung Kim
Date: Thu May 12 2016 - 08:57:37 EST
Hi Steve,
On Thu, May 12, 2016 at 4:09 AM, Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
>
> At the end of process_filter(), collapse_tree() was changed to update the
> parg parameter, but the reassignment after the call wasn't removed.
> What happens is that the "current_op" gets modified and freed and parg
> is assigned to the new allocated argument. But after the call to
> collapse_tree(), parg is assigned again to the just freed "current_op",
> and this causes the tool to crash.
>
> current_op must also be assigned to NULL in case of error, otherwise it
> will cause it to be free()ed twice.
>
> Cc: stable@xxxxxxxxxxxxxxx # 3.14+
> Fixes: 42d6194d133c ("tools lib traceevent: Refactor process_filter()")
> Signed-off-by: Steven Rostedt <rostedt@xxxxxxxxxxx>
Acked-by: Namhyung Kim <namhyung@xxxxxxxxxx>
Thanks,
Namhyung
> ---
> tools/lib/traceevent/parse-filter.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/tools/lib/traceevent/parse-filter.c b/tools/lib/traceevent/parse-filter.c
> index 0144b3d1bb77..88cccea3ca99 100644
> --- a/tools/lib/traceevent/parse-filter.c
> +++ b/tools/lib/traceevent/parse-filter.c
> @@ -1164,11 +1164,11 @@ process_filter(struct event_format *event, struct filter_arg **parg,
> current_op = current_exp;
>
> ret = collapse_tree(current_op, parg, error_str);
> + /* collapse_tree() may free current_op, and updates parg accordingly */
> + current_op = NULL;
> if (ret < 0)
> goto fail;
>
> - *parg = current_op;
> -
> free(token);
> return 0;
>
> --
> 1.8.3.1
>
--
Thanks,
Namhyung