diff options
| author | Steven Rostedt (Google) <rostedt@goodmis.org> | 2022-08-18 22:03:47 -0400 |
|---|---|---|
| committer | Steven Rostedt (Google) <rostedt@goodmis.org> | 2022-09-08 18:20:18 -0400 |
| commit | 0aaa86a54a287f68a4ccafa4af772a7ed9073fde (patch) | |
| tree | 6507ffb5e2c83e435b6f2a4eb5b5ef69cf303bf6 | |
| parent | d2d53404ce37e576b18eebc29c1ff93c191407ba (diff) | |
| download | libtracefs-0aaa86a54a287f68a4ccafa4af772a7ed9073fde.tar.gz | |
libtracefs: Fix use after free in tracefs_synth_alloc()
The synth new_format is set after the error condition is checked and the
synth is freed (on error), causing a SIGSEV when that occurs.
Link: https://lore.kernel.org/linux-trace-devel/20220819020349.747429-2-rostedt@goodmis.org
Fixes: 74a6754b9e67b ("libtracefs: Check README to know if we should do old onmatch format")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
| -rw-r--r-- | src/tracefs-hist.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/tracefs-hist.c b/src/tracefs-hist.c index 2f12cc4..6f7d657 100644 --- a/src/tracefs-hist.c +++ b/src/tracefs-hist.c @@ -1091,9 +1091,8 @@ struct tracefs_synth *tracefs_synth_alloc(struct tep_handle *tep, if (!synth->name || !synth->start_keys || !synth->end_keys || ret) { tracefs_synth_free(synth); synth = NULL; - } - - synth->new_format = has_new_format(); + } else + synth->new_format = has_new_format(); return synth; } |