dso__load_vmlinux() uses the filename passed to it to directly set the dso long_name, which resulted in a use after free due to dso__load_vmlinux_path() treating 0 symbols as a load failure and subsequently freeing the contents of dso->long_name.
Change dso__load_vmlinux() so that finding 0 symbols does not cause it to consider itself loaded, and do not set long_name in such a case. Signed-off-by: Cody P Schafer <c...@linux.vnet.ibm.com> --- tools/perf/util/symbol.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c index 90d2760..9e31cbb 100644 --- a/tools/perf/util/symbol.c +++ b/tools/perf/util/symbol.c @@ -2164,13 +2164,14 @@ int dso__load_vmlinux(struct dso *dso, struct map *map, if (fd < 0) return -1; - dso__set_long_name(dso, (char *)vmlinux); - dso__set_loaded(dso, map->type); err = dso__load_sym(dso, map, symfs_vmlinux, fd, filter, 0, 0); close(fd); - if (err > 0) + if (err > 0) { + dso__set_long_name(dso, (char *)vmlinux); + dso__set_loaded(dso, map->type); pr_debug("Using %s for symbols\n", symfs_vmlinux); + } return err; } -- 1.7.11.3 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/