Re: [PATCH v2 perf/core] perf script: fix a use after free crash.

From: Arnaldo Carvalho de Melo
Date: Mon Jan 02 2017 - 19:34:28 EST


On Mon, Jan 02, 2017 at 04:39:04PM -0300, Arnaldo Carvalho de Melo wrote:
> On Mon, Jan 02, 2017 at 02:36:57PM -0300, Arnaldo Carvalho de Melo wrote:
> > On Mon, Jan 02, 2017 at 02:35:30PM -0300, Arnaldo Carvalho de Melo wrote:
> > > On Mon, Jan 02, 2017 at 12:15:14PM -0300, Arnaldo Carvalho de Melo wrote:
> > {
> > zfree(&iter->priv);
> > iter->he = NULL;
> > + map__zput(al->map);
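Review bot: The added map__zput(al->map) drops a reference on a map that reaches this callback through the caller's al, and nothing in the lines shown takes a reference to balance it. Because it is the zput form it also clears al->map for whoever uses al after finish_entry returns. If a get is taken elsewhere for the cumulative case, a comment on this line naming it would make the pairing checkable; otherwise the put belongs wherever the reference in al is owned.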
>
> What does this pair to? I was expecting that since this is called via:
>
> hist_entry_iter__add()
> {
> <SNIP>
> err2 = iter->ops->finish_entry(iter, al);
> }
>
> Then it would have to match something done earlier in
> hist_entry_iter__add(), most likely by some iter->ops->() method, but I
> couldn't find anything to that extent, can you clarify?

With the following patch it has been running all day, care to explain
why it is needed? I need to run this on valgrind or with Masami's
refcount debugger to get more clues :-\

- Arnaldo

diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c
index 72f5c82798e9..c27bda16e9cd 100644
--- a/tools/perf/util/hist.c
+++ b/tools/perf/util/hist.c
@@ -980,7 +980,6 @@ iter_finish_cumulative_entry(struct hist_entry_iter *iter,
{
zfree(&iter->priv);
iter->he = NULL;
- map__zput(al->map);

return 0;
}
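Review bot: No changelog accompanies the removal of map__zput(al->map) at the '-' line, so the ownership of the reference in al->map is still undocumented. The description should say which get, if any, the put was meant to pair with and where al's map reference is released instead, and the other finish_entry callbacks reached from hist_entry_iter__add() should be checked for the same put. A clean run under valgrind or the refcount debugger mentioned above would be stronger evidence for the changelog than an all-day run without a crash.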