From: Arnaldo Carvalho de Melo Date: Tue, 7 May 2024 03:04:06 +0000 (-0300) Subject: perf callchain: Use zfree() to avoid possibly accessing dangling pointers X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=54ef362e4daa4a4ecfa2abdc251b21564d27784e;p=linux.git perf callchain: Use zfree() to avoid possibly accessing dangling pointers When freeing a->b it is good practice to set a->b to NULL using zfree(&a->b) so that when we have a bug where a reference to a freed 'a' pointer is kept somewhere, we can more quickly cause a segfault if some code tries to use a->b. Convert one such case in the callchain code. Cc: Adrian Hunter Cc: Ian Rogers Cc: Jiri Olsa Cc: Kan Liang Cc: Namhyung Kim Link: https://lore.kernel.org/lkml/ZjmcGobQ8E52EyjJ@x1 Signed-off-by: Arnaldo Carvalho de Melo --- diff --git a/tools/perf/util/callchain.c b/tools/perf/util/callchain.c index 68feed8718096..1730b852a9474 100644 --- a/tools/perf/util/callchain.c +++ b/tools/perf/util/callchain.c @@ -606,7 +606,7 @@ fill_node(struct callchain_node *node, struct callchain_cursor *cursor) call->brtype_stat = zalloc(sizeof(*call->brtype_stat)); if (!call->brtype_stat) { perror("not enough memory for the code path branch statistics"); - free(call->brtype_stat); + zfree(&call->brtype_stat); return -ENOMEM; } }
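Review bot: in the `@@ -606,7 +606,7 @@` hunk of fill_node(), the converted call sits inside `if (!call->brtype_stat) {`, so the pointer is already NULL when it runs. Both the old `free(call->brtype_stat);` and the new `zfree(&call->brtype_stat);` therefore act on NULL and do nothing. The conversion adds none of the dangling-pointer protection the commit message describes at this site. I would drop the line entirely and leave only the perror() and `return -ENOMEM;`, which makes it clear that nothing is left to release for this field. Separately, the visible context does not show whether `call` itself is released before the `return -ENOMEM;`. That is worth confirming while touching this error path, since a failed allocation of brtype_stat would otherwise leave the partially built entry behind.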