Re: [PATCH v2] perf: fix double free at function perf_hpp__reset_output_field

From: Jiri Olsa
Date: Tue Apr 11 2017 - 06:20:32 EST


On Tue, Apr 11, 2017 at 04:25:50PM +0800, Du, Changbin wrote:
> > > (gdb) print fmt.sort_list
> > > $5 = {next = 0x9727d0 <perf_hpp_list+16>, prev = 0x9727d0 <perf_hpp_list+16>}
> > >
> > > In this case, the fmt is linked in sort_list, but not in list. So crash
> > > at the list_del_init(&fmt->list) of second loop.
> >
> > so the only place I can see the POISON could get there
> > is in perf_hpp__column_unregister.. can't we just get
> > rid of it like below
> >
> > jirka
> >
> >
> > ---
> > diff --git a/tools/perf/ui/hist.c b/tools/perf/ui/hist.c
> > index 5d632dca672a..7577effbf746 100644
> > --- a/tools/perf/ui/hist.c
> > +++ b/tools/perf/ui/hist.c
> > @@ -529,7 +529,7 @@ void perf_hpp_list__prepend_sort_field(struct perf_hpp_list *list,
> >
> > void perf_hpp__column_unregister(struct perf_hpp_fmt *format)
> > {
> > - list_del(&format->list);
> > + list_del_init(&format->list);
> > }
> >
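Review bot: switching to list_del_init() here keeps the unlinked fmt->list self-pointing, so the later list_del_init(&fmt->list) in perf_hpp__reset_output_field() becomes a no-op instead of dereferencing LIST_POISON1/2 left behind by plain list_del(). That fixes the crash by contract (every unlink of fmt->list must now use the _init variant) rather than by removing the redundant second unlink, so the function deserves a one-line comment stating that the entry must remain safe to unlink again.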
> yes, this is an option. But for safety, I suggest we do not rely on list_del_init.
> No rule rather than create one.
>
> But anyway, both are ok for me. What are your options?

hum, also I don't think we need to touch that bit at all
if we are going to remove it right away.. how about the
change below?

jirka


---
diff --git a/tools/perf/ui/hist.c b/tools/perf/ui/hist.c
index 5d632dca672a..0ee7db43dd7d 100644
--- a/tools/perf/ui/hist.c
+++ b/tools/perf/ui/hist.c
@@ -613,15 +613,15 @@ void perf_hpp__reset_output_field(struct perf_hpp_list *list)

/* reset output fields */
perf_hpp_list__for_each_format_safe(list, fmt, tmp) {
- list_del_init(&fmt->list);
- list_del_init(&fmt->sort_list);
+ list_del(&fmt->list);
+ /* Remove the fmt from next loop processing. */
+ list_del(&fmt->sort_list);
fmt_free(fmt);
}

/* reset sort keys */
perf_hpp_list__for_each_sort_list_safe(list, fmt, tmp) {
- list_del_init(&fmt->list);
- list_del_init(&fmt->sort_list);
+ list_del(&fmt->sort_list);
fmt_free(fmt);
}
}
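Review bot: dropping list_del(&fmt->list) from the second loop is only correct because the first loop has already emptied `list` and unlinked each of those entries from sort_list as well, so no fmt still on sort_list can be on `list`; that invariant is what the comment should say, and it belongs on the second loop rather than the "Remove the fmt from next loop processing." line in the first. The first loop also now calls plain list_del() on fmt->sort_list unconditionally, which is fine for a node that is linked or self-initialised but would dereference poison for a sort_list node unlinked earlier with list_del(); worth confirming no path does that, the same concern raised for fmt->list in the perf_hpp__column_unregister discussion above.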
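The double unlink this thread is about, as an added example that is not code from perf or from either poster: a small userspace model whose list helpers reproduce the kernel's list_del() poisoning, with a constructed scenario matching the gdb output (a fmt left on sort_list after its output entry was unlinked with plain list_del()). With patched = 0 the second loop behaves like the original code and reports the poisoned dereference instead of crashing; with patched = 1 it follows the change proposed above.

```c
/* Added example, not code from the perf tree: a userspace model of the double unlink
 * in this thread. List helpers and poison values are reimplemented; the scenario is constructed. */
#include <stddef.h>
#include <stdlib.h>
struct list_head { struct list_head *next, *prev; };
static struct list_head poison1, poison2;            /* stand-ins for LIST_POISON1/2 */
static void init_list_head(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{ n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n; }
static int list_empty(const struct list_head *h) { return h->next == h; }
/* list_del: unlink and poison, so touching the node again dereferences garbage. */
static void list_del(struct list_head *n)
{ n->prev->next = n->next; n->next->prev = n->prev; n->next = &poison1; n->prev = &poison2; }
/* list_del_init: unlink and leave the node self-linked, so a repeat unlink is a no-op. */
static void list_del_init(struct list_head *n)
{ n->prev->next = n->next; n->next->prev = n->prev; init_list_head(n); }
struct fmt { struct list_head list, sort_list; };
#define entry(p, m) ((struct fmt *)((char *)(p) - offsetof(struct fmt, m)))
/* Teardown as in the patch. With patched == 0 the second loop also unlinks fmt->list as the
 * original did; a poisoned node there returns -1 (simulated crash). Otherwise returns fmts freed. */
static int reset_output_field(struct list_head *list, struct list_head *sort_list, int patched)
{
    struct list_head *pos, *tmp; int freed = 0;
    for (pos = list->next, tmp = pos->next; pos != list; pos = tmp, tmp = pos->next) {
        struct fmt *f = entry(pos, list);
        list_del(&f->list);
        list_del(&f->sort_list);          /* drop it from the next loop's processing */
        free(f); freed++;
    }
    for (pos = sort_list->next, tmp = pos->next; pos != sort_list; pos = tmp, tmp = pos->next) {
        struct fmt *f = entry(pos, sort_list);
        if (!patched) { if (f->list.next == &poison1) return -1; list_del_init(&f->list); }
        list_del(&f->sort_list);          /* `list` is already empty: nothing else to unlink */
        free(f); freed++;
    }
    return freed;
}
/* Constructed scenario: fmt a is on both lists; fmt b stays on sort_list after its output entry was unlinked with plain list_del(). */
static int scenario(int patched)
{
    struct list_head list, sort_list;
    struct fmt *a = calloc(1, sizeof *a), *b = calloc(1, sizeof *b);
    init_list_head(&list); init_list_head(&sort_list);
    init_list_head(&a->list); init_list_head(&a->sort_list); init_list_head(&b->list); init_list_head(&b->sort_list);
    list_add_tail(&a->list, &list); list_add_tail(&a->sort_list, &sort_list);
    list_add_tail(&b->list, &list); list_add_tail(&b->sort_list, &sort_list);
    list_del(&b->list);                   /* old-style unregister of b's output column: poisons b->list */
    int n = reset_output_field(&list, &sort_list, patched);
    return (n < 0 || (list_empty(&list) && list_empty(&sort_list))) ? n : -2;
}
```

scenario(1) frees both fmts and leaves both heads empty; scenario(0) stops at b's poisoned list node, which is where the original second loop crashed.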