libtraceevent: Reset field properly in event_read_fields()

The field pointer is allocated and added to the fields list in a loop. But it might refer the previous one if it fails to parse before allocating a new one. In that case, it would free the previous field but didn't update the link of the list for the one before it. Moreover, it doesn't need to free the previous one as it finished ok. Let's reset the field pointer at the end of each iteration so that it cannot see the previous one. This was found by a fuzz test with an event having only one field. Link: https://lore.kernel.org/linux-trace-devel/20220607045925.814164-1-namhyung@kernel.org Signed-off-by: Namhyung Kim <namhyung@kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
author: Namhyung Kim <namhyung@kernel.org> 2022-06-06 21:59:25 -0700
committer: Steven Rostedt (Google) <rostedt@goodmis.org> 2022-06-08 11:15:56 -0400
commit: 501695160aebe18e905456fa5562cfda42864cc2 (patch)
tree: e9af07c0b91612c48b329b6ded77ad57a5b5700f
parent: ff09953194e032806c2a0397589e0431c49f99a4 (diff)
download: libtraceevent-501695160aebe18e905456fa5562cfda42864cc2.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/event-parse.c b/src/event-parse.c
index 8f4fb59..1ba2a78 100644
--- a/src/event-parse.c
+++ b/src/event-parse.c
@@ -1902,6 +1902,7 @@ static int event_read_fields(struct tep_event *event, struct tep_format_field **
 
 		*fields = field;
 		fields = &field->next;
+		field = NULL;
 
 	} while (1);
author	Namhyung Kim <namhyung@kernel.org>	2022-06-06 21:59:25 -0700
committer	Steven Rostedt (Google) <rostedt@goodmis.org>	2022-06-08 11:15:56 -0400
commit	501695160aebe18e905456fa5562cfda42864cc2 (patch)
tree	e9af07c0b91612c48b329b6ded77ad57a5b5700f
parent	ff09953194e032806c2a0397589e0431c49f99a4 (diff)
download	libtraceevent-501695160aebe18e905456fa5562cfda42864cc2.tar.gz