[PATCH v1 1/8] perf ui browser: Don't save pointer to stack memory

From: Ian Rogers
Date: Tue May 07 2024 - 14:36:21 EST


ui_browser__show is capturing the input title that is stack allocated
memory in hist_browser__run. Avoid a use after return by strdup-ing
the string.

Fixes: 05e8b0804ec4 ("perf ui browser: Stop using 'self'")
Signed-off-by: Ian Rogers <irogers@xxxxxxxxxx>
---
tools/perf/ui/browser.c | 4 +++-
tools/perf/ui/browser.h | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/tools/perf/ui/browser.c b/tools/perf/ui/browser.c
index 603d11283cbd..c4cdf2ea69b7 100644
--- a/tools/perf/ui/browser.c
+++ b/tools/perf/ui/browser.c
@@ -287,7 +287,8 @@ int ui_browser__show(struct ui_browser *browser, const char *title,
mutex_lock(&ui__lock);
__ui_browser__show_title(browser, title);

- browser->title = title;
+ free(browser->title);
+ browser->title = strdup(title);
zfree(&browser->helpline);

va_start(ap, helpline);
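Review bot: In ui_browser__show the old title is freed before `title` is duplicated, so if any caller passes `browser->title` back in as `title` (none is visible in this hunk, but the signature allows it) strdup() would read freed memory. The strdup() result is also stored unchecked, which leaves `browser->title` NULL on allocation failure for whatever reads the field later. Duplicating first avoids the aliasing case and gives a place for the check: `char *copy = strdup(title);` followed by `free(browser->title); browser->title = copy;`. The added free() also relies on every struct ui_browser starting with `title` either NULL or heap-allocated, which cannot be confirmed from here. The function body starts and ends outside the hunk.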
@@ -304,6 +305,7 @@ void ui_browser__hide(struct ui_browser *browser)
mutex_lock(&ui__lock);
ui_helpline__pop();
zfree(&browser->helpline);
+ zfree(&browser->title);
mutex_unlock(&ui__lock);
}

diff --git a/tools/perf/ui/browser.h b/tools/perf/ui/browser.h
index 510ce4554050..6e98d5f8f71c 100644
--- a/tools/perf/ui/browser.h
+++ b/tools/perf/ui/browser.h
@@ -21,7 +21,7 @@ struct ui_browser {
u8 extra_title_lines;
int current_color;
void *priv;
- const char *title;
+ char *title;
char *helpline;
const char *no_samples_msg;
void (*refresh_dimensions)(struct ui_browser *browser);
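Review bot: The `title` field changes from a borrowed `const char *` to an owned heap pointer, but nothing in the struct documents the new ownership. A caller that still assigns a string literal or stack buffer to it directly would now have that pointer passed to free() in ui_browser__show or ui_browser__hide. I would add a comment above `char *title;` such as `/* owned: strdup'ed by ui_browser__show(), freed by ui_browser__hide() */`. It is also worth checking that no initialiser of struct ui_browser elsewhere sets `.title` itself; none are visible on this page. The struct definition starts and ends outside the hunk.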
--
2.45.0.rc1.225.g2a3ae87e7f-goog