Re: [PATCH v2] perf: fix double free at function perf_hpp__reset_output_field

From: Du, Changbin
Date: Tue Apr 11 2017 - 04:29:00 EST


> > (gdb) print fmt.sort_list
> > $5 = {next = 0x9727d0 <perf_hpp_list+16>, prev = 0x9727d0 <perf_hpp_list+16>}
> >
> > In this case, the fmt is linked in sort_list, but not in list. So crash
> > at the list_del_init(&fmt->list) of second loop.
>
> so the only place I can see the POISON could get there
> is in perf_hpp__column_unregister.. can't we just get
> rid of it like below
>
> jirka
>
>
> ---
> diff --git a/tools/perf/ui/hist.c b/tools/perf/ui/hist.c
> index 5d632dca672a..7577effbf746 100644
> --- a/tools/perf/ui/hist.c
> +++ b/tools/perf/ui/hist.c
> @@ -529,7 +529,7 @@ void perf_hpp_list__prepend_sort_field(struct perf_hpp_list *list,
>
> void perf_hpp__column_unregister(struct perf_hpp_fmt *format)
> {
> - list_del(&format->list);
> + list_del_init(&format->list);
> }
>
yes, this is an option. But for safety, I sugguest do not rely on list_del_init.
No rule rather than create one.

But anyway, both are ok for me. What's your options?

> void perf_hpp__cancel_cumulate(void)

--
Thanks,
Changbin Du

Attachment: signature.asc
Description: PGP signature