[3/4,libbacktrace] Don't point to released memory in backtrace_vector_release

Message ID 20181123205530.GA3517@delia
State New
Series
  • Untitled series #9283

Commit Message

Tom de Vries Nov. 23, 2018, 8:55 p.m.
[ was: Re: [PATCH 2/2][libbacktrace] Don't point to released memory in
backtrace_vector_release ]

On Thu, Nov 22, 2018 at 01:36:49PM +0100, Tom de Vries wrote:
> Hi,
> 
> When backtrace_vector_release is called with vec.size == 0, it releases the
> memory pointed at by vec.base.
> 
> In case of the backtrace_vector_release in alloc.c, vec.base may then be set
> to NULL, but this is not guaranteed.
> 
> Set vec.base to NULL if vec.size == 0 to ensure we don't point to released
> memory.
> 
> OK for trunk if bootstrap and reg-test on x86_64 succeeds?
> 

Reposting patch with alloc.c part dropped, now that alloc.c has been rewritten
to use free instead of realloc with size 0.

OK for trunk?

Thanks,
- Tom

[libbacktrace] Don't point to released memory in backtrace_vector_release

When backtrace_vector_release is called with vec.size == 0, it releases the
memory pointed at by vec.base.

Set vec.base to NULL if vec.size == 0 to ensure we don't point to released
memory.

Bootstrapped and reg-tested on x86_64.

2018-11-22  Tom de Vries  <tdevries@suse.de>

	* mmap.c (backtrace_vector_release): Same.
	* unittest.c (test1): Add check.

---
 libbacktrace/mmap.c     | 2 ++
 libbacktrace/unittest.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
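
To make the hazard described in the message concrete, the following is an added example in C and not libbacktrace's own code: a simplified vector with the same base/size/alc layout, whose release routine can be run with and without the fix so the dangling pointer, the cleared pointer, and the untouched size != 0 path can each be observed. The 64-byte growth step, the helper names and the check functions are all assumptions of the example.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model of the vector the patch discusses (added example, not
   libbacktrace's code): BASE is the allocated block, SIZE the bytes in use,
   ALC the spare bytes after SIZE.  The 64-byte growth step is assumed.  */
struct vec { void *base; size_t size; size_t alc; };

/* Append room for SIZE bytes and return a pointer to it.  A NULL base is a
   valid empty vector, since realloc (NULL, n) behaves like malloc (n).  */
static void *vec_grow (struct vec *v, size_t size)
{
  if (v->alc < size) {
    size_t alc = size < 64 ? 64 : size;
    void *nb = realloc (v->base, v->size + alc);
    if (nb == NULL)
      return NULL;
    v->base = nb;
    v->alc = alc;
  }
  void *ret = (char *) v->base + v->size;
  v->size += size;
  v->alc -= size;
  return ret;
}

/* Give the spare capacity back.  With SIZE == 0 the whole block is freed, so
   BASE dangles unless cleared.  CLEAR_BASE == 0 models the pre-patch code,
   CLEAR_BASE == 1 the patched code.  */
static int vec_release (struct vec *v, int clear_base)
{
  if (v->alc == 0)
    return 1;
  if (v->size == 0) {
    free (v->base);
    if (clear_base)
      v->base = NULL;                            /* the patch's fix */
  } else {
    void *nb = realloc (v->base, v->size);       /* shrink to fit */
    if (nb != NULL)
      v->base = nb;
  }
  v->alc = 0;
  return 1;
}

/* The state the unittest exercises: a block is allocated but size is 0.  */
static int make_empty_with_block (struct vec *v)
{
  v->base = NULL;
  v->size = v->alc = 0;
  if (vec_grow (v, 16) == NULL)
    return 0;
  v->alc += v->size;
  v->size = 0;
  return 1;
}

/* Pre-patch: BASE keeps the freed address.  A further vec_grow would hand that
   stale pointer to realloc (use after free), so only the pointer value is
   inspected.  Returns 1 when the dangling pointer is left behind.  */
static int check_release_without_clear_dangles (void)
{
  struct vec v;
  if (!make_empty_with_block (&v))
    return 0;
  vec_release (&v, 0);
  return v.base != NULL;
}

/* Patched: BASE is NULL afterwards and the vector can be regrown safely.  */
static int check_release_with_clear_is_reusable (void)
{
  struct vec v;
  if (!make_empty_with_block (&v))
    return 0;
  vec_release (&v, 1);
  if (v.base != NULL || v.alc != 0)
    return 0;
  char *p = vec_grow (&v, 8);                    /* fresh allocation */
  int ok = p != NULL && (void *) p == v.base && v.size == 8;
  free (v.base);
  return ok;
}

/* With SIZE != 0 only the spare tail is returned and BASE must survive.  */
static int check_release_keeps_live_prefix (void)
{
  struct vec v = { NULL, 0, 0 };
  char *p = vec_grow (&v, 5);
  if (p == NULL)
    return 0;
  memcpy (p, "abcd", 5);
  vec_release (&v, 1);
  int ok = v.base != NULL && v.size == 5 && v.alc == 0
           && memcmp (v.base, "abcd", 5) == 0;
  free (v.base);
  return ok;
}
```

The three check functions each return 1 on the expected outcome. The first one deliberately stops at looking at the pointer value after the pre-patch release: any further use of the vector would pass the freed address to realloc, which is exactly the use after free the patch prevents. The third one is the reason the fix is conditioned on vec->size == 0 rather than applied unconditionally: when data is still live, only the tail is given back and base must keep pointing at it.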

Comments

Jeff Law Nov. 26, 2018, 10:25 p.m. | #1
On 11/23/18 1:55 PM, Tom de Vries wrote:
> [ was: Re: [PATCH 2/2][libbacktrace] Don't point to released memory in
> backtrace_vector_release ]
> 
> On Thu, Nov 22, 2018 at 01:36:49PM +0100, Tom de Vries wrote:
>> Hi,
>>
>> When backtrace_vector_release is called with vec.size == 0, it releases the
>> memory pointed at by vec.base.
>>
>> In case of the backtrace_vector_release in alloc.c, vec.base may then be set
>> to NULL, but this is not guaranteed.
>>
>> Set vec.base to NULL if vec.size == 0 to ensure we don't point to released
>> memory.
>>
>> OK for trunk if bootstrap and reg-test on x86_64 succeeds?
>>
> 
> Reposting patch with alloc.c part dropped, now that alloc.c has been rewritten
> to use free instead of realloc with size 0.
> 
> OK for trunk?
> 
> Thanks,
> - Tom
> 
> [libbacktrace] Don't point to released memory in backtrace_vector_release
> 
> When backtrace_vector_release is called with vec.size == 0, it releases the
> memory pointed at by vec.base.
> 
> Set vec.base to NULL if vec.size == 0 to ensure we don't point to released
> memory.
> 
> Bootstrapped and reg-tested on x86_64.
> 
> 2018-11-22  Tom de Vries  <tdevries@suse.de>
> 
> 	* mmap.c (backtrace_vector_release): Same.
> 	* unittest.c (test1): Add check.

Looks like this one still is relevant :-)

OK
jeff

Patch

diff --git a/libbacktrace/mmap.c b/libbacktrace/mmap.c
index 32fcba62399..9f896a1bb99 100644
--- a/libbacktrace/mmap.c
+++ b/libbacktrace/mmap.c
@@ -321,5 +321,7 @@  backtrace_vector_release (struct backtrace_state *state,
   backtrace_free (state, (char *) vec->base + aligned, alc,
 		  error_callback, data);
   vec->alc = 0;
+  if (vec->size == 0)
+    vec->base = NULL;
   return 1;
 }
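Review bot: The new `if (vec->size == 0) vec->base = NULL;` deserves a one-line comment saying why it is there, since nothing else in this function hints that base has just become dangling; something like `/* The whole block was freed above, so base no longer points at valid memory.  */` right before the `if` would do. Limiting the clear to size == 0 is the right condition here: for size > 0 the range handed to backtrace_free starts at `(char *) vec->base + aligned`, so base still addresses the retained prefix and must be left alone. Note that base is cleared regardless of whether backtrace_free reported a problem through error_callback; that is consistent with the unconditional `vec->alc = 0` and `return 1` around it, so no change needed, but worth stating in the comment.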
diff --git a/libbacktrace/unittest.c b/libbacktrace/unittest.c
index 576aa080935..3471d78488d 100644
--- a/libbacktrace/unittest.c
+++ b/libbacktrace/unittest.c
@@ -69,7 +69,7 @@  test1 (void)
 
   count = 0;
   res = backtrace_vector_release (state, &vec, error_callback, NULL);
-  failed = res != 1 || count != 0;
+  failed = res != 1 || count != 0 || vec.base != NULL;
 
   printf ("%s: unittest backtrace_vector_release size == 0\n",
 	  failed ? "FAIL": "PASS");
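Review bot: The added `vec.base != NULL` term on the `failed =` line passes vacuously if vec.base was already NULL before backtrace_vector_release ran; the lines that populate vec are outside this hunk, so consider checking `vec.base != NULL` immediately before the release call (or folding a `vec.base == NULL` pre-check into `failed`) so the test proves the release cleared the pointer rather than that it was never set. A companion check on the size != 0 path, confirming base is left intact when only spare capacity is returned, would pin down the other branch of the new condition in mmap.c.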