Re: [PATCH] perf script: fix segfault when printing callchains using builtin-script
From: Arnaldo Carvalho de Melo
Date: Tue Apr 19 2016 - 23:05:15 EST
On Tue, Apr 19, 2016 at 07:32:11PM -0700, Chris Phlipot wrote:
> This fixes a bug caused by an uninitialized callchain cursor. The crash
> first appeared in:
> 6f736735e30f ("perf evsel: Require that callchains be resolved before
> calling fprintf_{sym,callchain}")
>
> The callchain cursor is a struct that contains pointers, that when
> uninitialized will cause unpredictable behavior (usually a crash)
> when trying to append to the callchain.
>
> The existing implementation has the following issues:
> 1. The callchain cursor used is not initialized, resulting in
> unpredictable behavior when used.
> 2. The cursor is declared on the stack. Even if it is properly initialized,
> the implementation will leak memory when the function returns,
> since all the references to the callchain_nodes allocated by
> callchain_cursor_append will be lost when the cursor goes out of
> scope.
> 3. Storing the cursor on the stack is inefficient. Even if memory is
> properly freed when it goes out of scope, a performance penalty
> will be incurred due to reallocation of callchain nodes.
> callchain_cursor_append is designed to avoid these reallocations
> when an existing cursor is reused.
>
> This patch fixes the crash by replacing cursor_callchain with a reference
> to the global callchain_cursor which also resolves all 3 issues mentioned
> above.
>
> How to reproduce the crash:
> $ perf record --call-graph=dwarf stress -t 1 -c 1
> $ perf script > /dev/null
> Segfault
My bad, applying the patch, thanks!
- Arnaldo
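An added example, not part of this thread or of perf's own code, that models why the patch description prefers a reset global cursor over an uninitialized stack one: reset gives the `last` slot a valid target, and a reused cursor allocates nodes only once. The struct layout and the names `cursor_reset`, `cursor_append`, `reuse_demo` and `g_allocs` are assumptions that approximate callchain_cursor_reset/callchain_cursor_append, not the real definitions.

```c
#include <stdint.h>
#include <stdlib.h>
/* Simplified model (an assumption, not perf's real code) of the callchain
 * cursor: a linked list reset by pointing `last` back at `first`, so nodes
 * allocated by an earlier walk are reused instead of reallocated. */
struct cursor_node {
    uint64_t ip;
    struct cursor_node *next;
};
struct cursor {
    struct cursor_node *first;
    struct cursor_node **last;  /* slot the next append writes into */
};
static int g_allocs;            /* calloc() calls, to make reuse visible */

/* Reset gives `last` a valid target; a stack cursor that is never reset
 * has garbage here, which append then dereferences (the reported crash). */
void cursor_reset(struct cursor *c)
{
    c->last = &c->first;
}
int cursor_append(struct cursor *c, uint64_t ip)
{
    struct cursor_node *node = *c->last;
    if (!node) {                /* allocate only when nothing is reusable */
        node = calloc(1, sizeof(*node));
        if (!node)
            return -1;
        g_allocs++;
        *c->last = node;
    }
    node->ip = ip;
    c->last = &node->next;
    return 0;
}

struct cursor g_cursor;         /* global, so zero-initialised: first == NULL */
/* Walk two constructed sample chains through the global cursor and return
 * how many nodes the first call allocated: 3 (the longest chain), not 3 + 2. */
int reuse_demo(void)
{
    const uint64_t chain1[] = {0x401000, 0x401100, 0x401200};
    const uint64_t chain2[] = {0x402000, 0x402100};
    g_allocs = 0;
    cursor_reset(&g_cursor);
    for (int i = 0; i < 3; i++) cursor_append(&g_cursor, chain1[i]);
    cursor_reset(&g_cursor);
    for (int i = 0; i < 2; i++) cursor_append(&g_cursor, chain2[i]);
    return g_allocs;
}
```

The nodes are deliberately never freed: with a global cursor they live for the whole run and are reused, which is the leak-free, reallocation-free behaviour points 2 and 3 above describe.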