
[3/4,libbacktrace] Don't point to released memory in backtrace_vector_release

Message ID 20181123205530.GA3517@delia
State New

Commit Message

Tom de Vries Nov. 23, 2018, 8:55 p.m. UTC
[ was: Re: [PATCH 2/2][libbacktrace] Don't point to released memory in
backtrace_vector_release ]

On Thu, Nov 22, 2018 at 01:36:49PM +0100, Tom de Vries wrote:
> Hi,
> 
> When backtrace_vector_release is called with vec.size == 0, it releases the
> memory pointed at by vec.base.
> 
> In case of the backtrace_vector_release in alloc.c, vec.base may then be set
> to NULL, but this is not guaranteed.
> 
> Set vec.base to NULL if vec.size == 0 to ensure we don't point to released
> memory.
> 
> OK for trunk if bootstrap and reg-test on x86_64 succeeds?
> 

Reposting patch with alloc.c part dropped, now that alloc.c has been rewritten
to use free instead of realloc with size 0.

OK for trunk?

Thanks,
- Tom

[libbacktrace] Don't point to released memory in backtrace_vector_release

When backtrace_vector_release is called with vec.size == 0, it releases the
memory pointed at by vec.base.

Set vec.base to NULL if vec.size == 0 to ensure we don't point to released
memory.

Bootstrapped and reg-tested on x86_64.

2018-11-22  Tom de Vries  <tdevries@suse.de>

	* mmap.c (backtrace_vector_release): Same.
	* unittest.c (test1): Add check.

---
 libbacktrace/mmap.c     | 2 ++
 libbacktrace/unittest.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
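The hazard the commit message describes, as an added stand-alone example that is not libbacktrace's code: a malloc-backed stand-in for struct backtrace_vector with a release routine in its pre-patch and patched forms. All names here (toy_vector, toy_vector_grow, toy_vector_discard, the two release variants and the two check functions) are constructed for this illustration; libbacktrace's mmap.c frees the unused tail through its own page allocator and backtrace_free, which this stand-in approximates with realloc/free.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for struct backtrace_vector (not libbacktrace code):
   base is the allocation, size the bytes in use, alc the allocated bytes
   beyond size.  */
struct toy_vector
{
  void *base;
  size_t size;
  size_t alc;
};

/* Reserve BYTES at the end of VEC, growing the allocation if needed.
   Returns a pointer to the reserved space, or NULL on allocation failure.  */
static void *
toy_vector_grow (struct toy_vector *vec, size_t bytes)
{
  if (bytes > vec->alc)
    {
      size_t want = vec->size + bytes;
      size_t cap = (vec->size + vec->alc) * 2;
      if (cap < want) cap = want;
      void *nb = realloc (vec->base, cap);
      if (nb == NULL)
        return NULL;
      vec->base = nb;
      vec->alc = cap - vec->size;
    }
  void *ret = (char *) vec->base + vec->size;
  vec->size += bytes;
  vec->alc -= bytes;
  return ret;
}

/* Give back everything in use without freeing, so that a later release sees
   size == 0 while memory is still allocated (the unittest.c scenario).  */
static void
toy_vector_discard (struct toy_vector *vec)
{
  vec->alc += vec->size;
  vec->size = 0;
}

/* Release the unused tail, like backtrace_vector_release before the patch:
   with size == 0 the whole block is freed, but base keeps its old value.  */
static int
toy_vector_release_unfixed (struct toy_vector *vec)
{
  if (vec->size == 0)
    free (vec->base);		/* base now points at released memory */
  else if (vec->alc != 0)
    {
      void *nb = realloc (vec->base, vec->size);
      if (nb != NULL)
        vec->base = nb;
    }
  vec->alc = 0;
  return 1;
}

/* The same with the patch applied: never leave base dangling.  */
static int
toy_vector_release_fixed (struct toy_vector *vec)
{
  int res = toy_vector_release_unfixed (vec);
  if (vec->size == 0)
    vec->base = NULL;
  return res;
}

/* Build a vector that has allocated memory but size == 0.  */
static int
make_discarded (struct toy_vector *vec)
{
  vec->base = NULL;
  vec->size = vec->alc = 0;
  if (toy_vector_grow (vec, 16) == NULL)
    return 0;
  toy_vector_discard (vec);
  return 1;
}

/* Pre-patch behaviour: returns 1 if base is left non-NULL after the free.  */
int
unfixed_leaves_dangling (void)
{
  struct toy_vector vec;
  if (!make_discarded (&vec))
    return -1;
  toy_vector_release_unfixed (&vec);
  return vec.base != NULL;	/* 1: the dangling pointer the patch fixes */
}

/* Patched behaviour, mirroring the unittest.c check, then showing why it
   matters: realloc (NULL, n) is a plain allocation, whereas growing through
   the stale pointer would have been a use-after-free.  Returns 1 on success.  */
int
fixed_clears_base_and_allows_reuse (void)
{
  struct toy_vector vec;
  if (!make_discarded (&vec))
    return -1;
  if (toy_vector_release_fixed (&vec) != 1 || vec.base != NULL)
    return 0;
  char *p = toy_vector_grow (&vec, 8);
  if (p == NULL)
    return -1;
  memcpy (p, "reused!", 8);
  int ok = strcmp ((char *) vec.base, "reused!") == 0;
  free (vec.base);
  return ok;
}
```

The second function is the part the new unittest.c line pins down: after a size == 0 release, base must compare equal to NULL, and the follow-up grow demonstrates that a NULL base is the only value a later allocation can safely start from.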

Comments

Jeff Law Nov. 26, 2018, 10:25 p.m. UTC | #1
On 11/23/18 1:55 PM, Tom de Vries wrote:
> [ was: Re: [PATCH 2/2][libbacktrace] Don't point to released memory in
> backtrace_vector_release ]
> 
> On Thu, Nov 22, 2018 at 01:36:49PM +0100, Tom de Vries wrote:
>> Hi,
>>
>> When backtrace_vector_release is called with vec.size == 0, it releases the
>> memory pointed at by vec.base.
>>
>> In case of the backtrace_vector_release in alloc.c, vec.base may then be set
>> to NULL, but this is not guaranteed.
>>
>> Set vec.base to NULL if vec.size == 0 to ensure we don't point to released
>> memory.
>>
>> OK for trunk if bootstrap and reg-test on x86_64 succeeds?
>>
> 
> Reposting patch with alloc.c part dropped, now that alloc.c has been rewritten
> to use free instead of realloc with size 0.
> 
> OK for trunk?
> 
> Thanks,
> - Tom
> 
> [libbacktrace] Don't point to released memory in backtrace_vector_release
> 
> When backtrace_vector_release is called with vec.size == 0, it releases the
> memory pointed at by vec.base.
> 
> Set vec.base to NULL if vec.size == 0 to ensure we don't point to released
> memory.
> 
> Bootstrapped and reg-tested on x86_64.
> 
> 2018-11-22  Tom de Vries  <tdevries@suse.de>
> 
> 	* mmap.c (backtrace_vector_release): Same.
> 	* unittest.c (test1): Add check.
Looks like this one still is relevant :-)

OK
jeff

Patch

diff --git a/libbacktrace/mmap.c b/libbacktrace/mmap.c
index 32fcba62399..9f896a1bb99 100644
--- a/libbacktrace/mmap.c
+++ b/libbacktrace/mmap.c
@@ -321,5 +321,7 @@  backtrace_vector_release (struct backtrace_state *state,
   backtrace_free (state, (char *) vec->base + aligned, alc,
 		  error_callback, data);
   vec->alc = 0;
+  if (vec->size == 0)
+    vec->base = NULL;
   return 1;
 }
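Review bot: the new `if (vec->size == 0) vec->base = NULL;` is only correct because the preceding backtrace_free call has released the whole block in that case, while on the size != 0 path base is deliberately left pointing at the retained prefix; a one-line comment above the `if` stating that base is dangling after the free when size is 0 would spare the next reader that derivation. The ChangeLog entry for mmap.c also still reads "Same." although the alloc.c entry it referred to was dropped from this reposting, so it should be reworded to describe the change on its own.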
diff --git a/libbacktrace/unittest.c b/libbacktrace/unittest.c
index 576aa080935..3471d78488d 100644
--- a/libbacktrace/unittest.c
+++ b/libbacktrace/unittest.c
@@ -69,7 +69,7 @@  test1 (void)
 
   count = 0;
   res = backtrace_vector_release (state, &vec, error_callback, NULL);
-  failed = res != 1 || count != 0;
+  failed = res != 1 || count != 0 || vec.base != NULL;
 
   printf ("%s: unittest backtrace_vector_release size == 0\n",
 	  failed ? "FAIL": "PASS");
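Review bot: the added `vec.base != NULL` term makes test1 fail on the pre-patch behaviour, but the single `failed` flag and the printf message do not say which of the three conditions tripped; printing res, count and vec.base on failure would make a regression diagnosable from the log. Since the mmap.c hunk also resets vec->alc to 0 on this path, adding `|| vec.alc != 0` would pin that down in the same check.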