perf tools: Use zfree to help detect use after free bugs
authorArnaldo Carvalho de Melo <acme@redhat.com>
Fri, 27 Dec 2013 19:55:14 +0000 (16:55 -0300)
committerArnaldo Carvalho de Melo <acme@redhat.com>
Fri, 27 Dec 2013 20:08:19 +0000 (17:08 -0300)
Several areas already used this technique, so do some audit to
consistently use it elsewhere.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Link: http://lkml.kernel.org/n/tip-9sbere0kkplwe45ak6rk4a1f@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
29 files changed:
tools/perf/builtin-diff.c
tools/perf/builtin-sched.c
tools/perf/builtin-script.c
tools/perf/ui/browsers/hists.c
tools/perf/ui/stdio/hist.c
tools/perf/util/annotate.c
tools/perf/util/cgroup.c
tools/perf/util/comm.c
tools/perf/util/evsel.c
tools/perf/util/header.c
tools/perf/util/help.c
tools/perf/util/hist.c
tools/perf/util/parse-events.c
tools/perf/util/pmu.c
tools/perf/util/probe-event.c
tools/perf/util/probe-finder.c
tools/perf/util/session.c
tools/perf/util/srcline.c
tools/perf/util/strbuf.c
tools/perf/util/strfilter.c
tools/perf/util/string.c
tools/perf/util/strlist.c
tools/perf/util/svghelper.c
tools/perf/util/symbol-elf.c
tools/perf/util/symbol-minimal.c
tools/perf/util/symbol.c
tools/perf/util/thread_map.c
tools/perf/util/trace-event-info.c
tools/perf/util/values.c

index 2a85cc9a2d097828e4b9aff3a958a2021d402b16..e6a0844bc2f0e0f50ee3cad7d1c0edafb7c03aa7 100644 (file)
@@ -654,7 +654,7 @@ static void data__free(struct data__file *d)
        for (col = 0; col < PERF_HPP_DIFF__MAX_INDEX; col++) {
                struct diff_hpp_fmt *fmt = &d->fmt[col];
 
-               free(fmt->header);
+               zfree(&fmt->header);
        }
 }
 
index 0f3c65518a2c669a9b83ad255d1018368de6ec69..6a76a07b67890c253fbb1e227e9aaa980b499779 100644 (file)
@@ -469,7 +469,7 @@ static void *thread_func(void *ctx)
        char comm2[22];
        int fd;
 
-       free(parms);
+       zfree(&parms);
 
        sprintf(comm2, ":%s", this_task->comm);
        prctl(PR_SET_NAME, comm2);
index 62ef190c43202f9201bed2d1ba0861558cc86f19..6040000bdfa6f29f9d6e6c6f2626920146e7a192 100644 (file)
@@ -1102,9 +1102,9 @@ static struct script_desc *script_desc__new(const char *name)
 
 static void script_desc__delete(struct script_desc *s)
 {
-       free(s->name);
-       free(s->half_liner);
-       free(s->args);
+       zfree(&s->name);
+       zfree(&s->half_liner);
+       zfree(&s->args);
        free(s);
 }
 
index 022d1731b80128d594299e7e44eefb8ecf3c91e4..a7045ea6d1d5efee4c105e3720faa9fc4e7d8296 100644 (file)
@@ -1327,7 +1327,7 @@ static int switch_data_file(void)
 
                        abs_path[nr_options] = strdup(path);
                        if (!abs_path[nr_options]) {
-                               free(options[nr_options]);
+                               zfree(&options[nr_options]);
                                ui__warning("Can't search all data files due to memory shortage.\n");
                                fclose(file);
                                break;
index c244cb524ef2cc9d4e3eafabe065c8eef60b60a6..831fbb77d1ff010ab786ff12ee747aaf8873bcbe 100644 (file)
@@ -510,7 +510,7 @@ print_entries:
 
        free(line);
 out:
-       free(rem_sq_bracket);
+       zfree(&rem_sq_bracket);
 
        return ret;
 }
index a78721d14694eb51bae5763faac0cd6c570c7b13..469eb679fb9d09d9e96e8687cc2051fa44f86565 100644 (file)
@@ -26,10 +26,10 @@ static int disasm_line__parse(char *line, char **namep, char **rawp);
 
 static void ins__delete(struct ins_operands *ops)
 {
-       free(ops->source.raw);
-       free(ops->source.name);
-       free(ops->target.raw);
-       free(ops->target.name);
+       zfree(&ops->source.raw);
+       zfree(&ops->source.name);
+       zfree(&ops->target.raw);
+       zfree(&ops->target.name);
 }
 
 static int ins__raw_scnprintf(struct ins *ins, char *bf, size_t size,
@@ -204,9 +204,9 @@ static int lock__scnprintf(struct ins *ins, char *bf, size_t size,
 
 static void lock__delete(struct ins_operands *ops)
 {
-       free(ops->locked.ops);
-       free(ops->target.raw);
-       free(ops->target.name);
+       zfree(&ops->locked.ops);
+       zfree(&ops->target.raw);
+       zfree(&ops->target.name);
 }
 
 static struct ins_ops lock_ops = {
@@ -583,7 +583,7 @@ static struct disasm_line *disasm_line__new(s64 offset, char *line, size_t privs
        return dl;
 
 out_free_line:
-       free(dl->line);
+       zfree(&dl->line);
 out_delete:
        free(dl);
        return NULL;
@@ -591,8 +591,8 @@ out_delete:
 
 void disasm_line__free(struct disasm_line *dl)
 {
-       free(dl->line);
-       free(dl->name);
+       zfree(&dl->line);
+       zfree(&dl->name);
        if (dl->ins && dl->ins->ops->free)
                dl->ins->ops->free(&dl->ops);
        else
index 96bbda1ddb838d050ba5facf7c71ba4f8a5a1bc9..0922aa4218c2d9a134e00236fb996bd52ab59a75 100644 (file)
@@ -133,7 +133,7 @@ void close_cgroup(struct cgroup_sel *cgrp)
        /* XXX: not reentrant */
        if (--cgrp->refcnt == 0) {
                close(cgrp->fd);
-               free(cgrp->name);
+               zfree(&cgrp->name);
                free(cgrp);
        }
 }
index ee0df0e24cdbd4f37e33aaa088c3b1465941d4b1..67d1e404c0cb732d29394eebab3a2125035d3447 100644 (file)
@@ -21,7 +21,7 @@ static void comm_str__put(struct comm_str *cs)
 {
        if (!--cs->ref) {
                rb_erase(&cs->rb_node, &comm_str_root);
-               free(cs->str);
+               zfree(&cs->str);
                free(cs);
        }
 }
index 93b6031d5459f244062d37ec7ebb01f093b3b313..ade8d9c1c43135688717214c48bb93f1a1556c28 100644 (file)
@@ -208,7 +208,7 @@ struct perf_evsel *perf_evsel__newtp_idx(const char *sys, const char *name, int
        return evsel;
 
 out_free:
-       free(evsel->name);
+       zfree(&evsel->name);
        free(evsel);
        return NULL;
 }
@@ -766,7 +766,7 @@ void perf_evsel__close_fd(struct perf_evsel *evsel, int ncpus, int nthreads)
 
 void perf_evsel__free_counts(struct perf_evsel *evsel)
 {
-       free(evsel->counts);
+       zfree(&evsel->counts);
 }
 
 void perf_evsel__exit(struct perf_evsel *evsel)
@@ -780,10 +780,10 @@ void perf_evsel__delete(struct perf_evsel *evsel)
 {
        perf_evsel__exit(evsel);
        close_cgroup(evsel->cgrp);
-       free(evsel->group_name);
+       zfree(&evsel->group_name);
        if (evsel->tp_format)
                pevent_free_format(evsel->tp_format);
-       free(evsel->name);
+       zfree(&evsel->name);
        free(evsel);
 }
 
index 20f3a9c97bd886cecc2ddc40d4715f7e93f0d9b5..a4a60b7887eeb9c96b22258afc7462c8f8caf5ab 100644 (file)
@@ -800,10 +800,10 @@ static void free_cpu_topo(struct cpu_topo *tp)
                return;
 
        for (i = 0 ; i < tp->core_sib; i++)
-               free(tp->core_siblings[i]);
+               zfree(&tp->core_siblings[i]);
 
        for (i = 0 ; i < tp->thread_sib; i++)
-               free(tp->thread_siblings[i]);
+               zfree(&tp->thread_siblings[i]);
 
        free(tp);
 }
@@ -1232,8 +1232,8 @@ static void free_event_desc(struct perf_evsel *events)
                return;
 
        for (evsel = events; evsel->attr.size; evsel++) {
-               free(evsel->name);
-               free(evsel->id);
+               zfree(&evsel->name);
+               zfree(&evsel->id);
        }
 
        free(events);
@@ -2105,7 +2105,7 @@ static int process_group_desc(struct perf_file_section *section __maybe_unused,
        ret = 0;
 out_free:
        for (i = 0; i < nr_groups; i++)
-               free(desc[i].name);
+               zfree(&desc[i].name);
        free(desc);
 
        return ret;
index 7b68978e50d24d98c7da185c606ca8e8b9be8a3a..86c37c472263568bdc1cfe24458653c535da9a87 100644 (file)
@@ -22,8 +22,8 @@ static void clean_cmdnames(struct cmdnames *cmds)
        unsigned int i;
 
        for (i = 0; i < cmds->cnt; ++i)
-               free(cmds->names[i]);
-       free(cmds->names);
+               zfree(&cmds->names[i]);
+       zfree(&cmds->names);
        cmds->cnt = 0;
        cmds->alloc = 0;
 }
index 6cd4823a7a8bed9781d1f81a1affe76a0011798d..4ed3e883240d48a6183cd525ec87aef47f8fab44 100644 (file)
@@ -372,7 +372,7 @@ static struct hist_entry *add_hist_entry(struct hists *hists,
                         * This mem info was allocated from machine__resolve_mem
                         * and will not be used anymore.
                         */
-                       free(entry->mem_info);
+                       zfree(&entry->mem_info);
 
                        /* If the map of an existing hist_entry has
                         * become out-of-date due to an exec() or
@@ -475,8 +475,8 @@ hist_entry__collapse(struct hist_entry *left, struct hist_entry *right)
 
 void hist_entry__free(struct hist_entry *he)
 {
-       free(he->branch_info);
-       free(he->mem_info);
+       zfree(&he->branch_info);
+       zfree(&he->mem_info);
        free_srcline(he->srcline);
        free(he);
 }
index 094c28ba2faecfdd44d92d1262055b6a5383f6e9..0153435b84277948f87a08ae77e43f1d035470e4 100644 (file)
@@ -204,7 +204,7 @@ struct tracepoint_path *tracepoint_id_to_path(u64 config)
                                }
                                path->name = malloc(MAX_EVENT_LENGTH);
                                if (!path->name) {
-                                       free(path->system);
+                                       zfree(&path->system);
                                        free(path);
                                        return NULL;
                                }
@@ -236,8 +236,8 @@ struct tracepoint_path *tracepoint_name_to_path(const char *name)
        path->name = strdup(str+1);
 
        if (path->system == NULL || path->name == NULL) {
-               free(path->system);
-               free(path->name);
+               zfree(&path->system);
+               zfree(&path->name);
                free(path);
                path = NULL;
        }
@@ -917,7 +917,7 @@ int parse_events_terms(struct list_head *terms, const char *str)
        ret = parse_events__scanner(str, &data, PE_START_TERMS);
        if (!ret) {
                list_splice(data.terms, terms);
-               free(data.terms);
+               zfree(&data.terms);
                return 0;
        }
 
index 56fc10a5e288142a04bda6d4086c14763531a11f..0934d645ebdc4bdf687e322fd8065b9e00cd666a 100644 (file)
@@ -755,7 +755,7 @@ void print_pmu_events(const char *event_glob, bool name_only)
                        continue;
                }
                printf("  %-50s [Kernel PMU event]\n", aliases[j]);
-               free(aliases[j]);
+               zfree(&aliases[j]);
                printed++;
        }
        if (printed)
index 4d3cd1a0278a1eb938d19ce470cbe52ad5574002..86ed8580c3cbc71da06cd0f366051e0a30607c75 100644 (file)
@@ -356,7 +356,7 @@ static int add_exec_to_probe_trace_events(struct probe_trace_event *tevs,
                offset = tevs[i].point.address - stext;
                offset += tevs[i].point.offset;
                tevs[i].point.offset = 0;
-               free(tevs[i].point.symbol);
+               zfree(&tevs[i].point.symbol);
                ret = e_snprintf(buf, 32, "0x%lx", offset);
                if (ret < 0)
                        break;
@@ -683,7 +683,7 @@ static int show_available_vars_at(struct debuginfo *dinfo,
                 */
                fprintf(stdout, "\t@<%s+%lu>\n", vl->point.symbol,
                        vl->point.offset);
-               free(vl->point.symbol);
+               zfree(&vl->point.symbol);
                nvars = 0;
                if (vl->vars) {
                        strlist__for_each(node, vl->vars) {
@@ -1592,7 +1592,7 @@ void clear_perf_probe_event(struct perf_probe_event *pev)
                field = pev->args[i].field;
                while (field) {
                        next = field->next;
-                       free(field->name);
+                       zfree(&field->name);
                        free(field);
                        field = next;
                }
@@ -2153,7 +2153,7 @@ end:
        for (i = 0; i < npevs; i++) {
                for (j = 0; j < pkgs[i].ntevs; j++)
                        clear_probe_trace_event(&pkgs[i].tevs[j]);
-               free(pkgs[i].tevs);
+               zfree(&pkgs[i].tevs);
        }
        free(pkgs);
 
index 6d8796e38d7f2ff6b333b29291bba3062719fe5d..061edb162b5ba03f9b4f883543faa5c0f27e371d 100644 (file)
@@ -1409,7 +1409,7 @@ int debuginfo__find_available_vars_at(struct debuginfo *dbg,
        if (ret < 0) {
                /* Free vlist for error */
                while (af.nvls--) {
-                       free(af.vls[af.nvls].point.symbol);
+                       zfree(&af.vls[af.nvls].point.symbol);
                        strlist__delete(af.vls[af.nvls].vars);
                }
                zfree(vls);
index d3a857be96821345f5aa04ab12db3c8c0c1e9f84..8ffe29c55d0f0e39d8fff0eeeae18fa5fc893627 100644 (file)
@@ -132,18 +132,18 @@ static void perf_session__delete_threads(struct perf_session *session)
 
 static void perf_session_env__delete(struct perf_session_env *env)
 {
-       free(env->hostname);
-       free(env->os_release);
-       free(env->version);
-       free(env->arch);
-       free(env->cpu_desc);
-       free(env->cpuid);
-
-       free(env->cmdline);
-       free(env->sibling_cores);
-       free(env->sibling_threads);
-       free(env->numa_nodes);
-       free(env->pmu_mappings);
+       zfree(&env->hostname);
+       zfree(&env->os_release);
+       zfree(&env->version);
+       zfree(&env->arch);
+       zfree(&env->cpu_desc);
+       zfree(&env->cpuid);
+
+       zfree(&env->cmdline);
+       zfree(&env->sibling_cores);
+       zfree(&env->sibling_threads);
+       zfree(&env->numa_nodes);
+       zfree(&env->pmu_mappings);
 }
 
 void perf_session__delete(struct perf_session *session)
index 58b2bd8f38c9ede39a87daf2e59b551bcc1225d5..7e67879ebd2548cd1bf0d92511b10f776e128a4b 100644 (file)
@@ -129,7 +129,7 @@ static struct a2l_data *addr2line_init(const char *path)
 
 out:
        if (a2l) {
-               free((void *)a2l->input);
+               zfree((void **)&a2l->input);
                free(a2l);
        }
        bfd_close(abfd);
@@ -140,8 +140,8 @@ static void addr2line_cleanup(struct a2l_data *a2l)
 {
        if (a2l->abfd)
                bfd_close(a2l->abfd);
-       free((void *)a2l->input);
-       free(a2l->syms);
+       zfree((void **)&a2l->input);
+       zfree(&a2l->syms);
        free(a2l);
 }
 
index cfa906882e2ceb2ed138fb4fd996474324f4d6c3..4abe23550c73808b16586ac4121bcde244a7fba8 100644 (file)
@@ -28,7 +28,7 @@ void strbuf_init(struct strbuf *sb, ssize_t hint)
 void strbuf_release(struct strbuf *sb)
 {
        if (sb->alloc) {
-               free(sb->buf);
+               zfree(&sb->buf);
                strbuf_init(sb, 0);
        }
 }
index 3edd0538161f3556f49ca1e10b1f3a1edd2e6468..79a757a2a15c22db5eec8494d662071cde57a12e 100644 (file)
@@ -14,7 +14,7 @@ static void strfilter_node__delete(struct strfilter_node *node)
 {
        if (node) {
                if (node->p && !is_operator(*node->p))
-                       free((char *)node->p);
+                       zfree((char **)&node->p);
                strfilter_node__delete(node->l);
                strfilter_node__delete(node->r);
                free(node);
index f0b0c008c5075005b562a2a5a2e938dd2644ea51..2553e5b55b8996175220d8fc16cfb403161f35b7 100644 (file)
@@ -128,7 +128,7 @@ void argv_free(char **argv)
 {
        char **p;
        for (p = argv; *p; p++)
-               free(*p);
+               zfree(p);
 
        free(argv);
 }
index eabdce0a2daa0a0a2c5c882529617322ce6e8852..61a90bf24b4db93da3757a08aeb7b70ec2ef9015 100644 (file)
@@ -5,6 +5,7 @@
  */
 
 #include "strlist.h"
+#include "util.h"
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -38,7 +39,7 @@ out_delete:
 static void str_node__delete(struct str_node *snode, bool dupstr)
 {
        if (dupstr)
-               free((void *)snode->s);
+               zfree((void **)&snode->s);
        free(snode);
 }
 
index 56a84f2cc46d520f2ae68954c8b1d69bef697cc7..43262b83c5411894f3dff3244782b6bd8bfe580d 100644 (file)
@@ -21,6 +21,7 @@
 
 #include "perf.h"
 #include "svghelper.h"
+#include "util.h"
 #include "cpumap.h"
 
 static u64 first_time, last_time;
@@ -708,8 +709,8 @@ int svg_build_topology_map(char *sib_core, int sib_core_nr,
        return 0;
 
 exit:
-       free(t.sib_core);
-       free(t.sib_thr);
+       zfree(&t.sib_core);
+       zfree(&t.sib_thr);
 
        return -1;
 }
index bf0ce29567b6fc5d28abaefb4ae25f55be77b4f2..4b0a127a4d3b43c7a8230dffe04b1cefb720a301 100644 (file)
@@ -554,7 +554,7 @@ bool symsrc__has_symtab(struct symsrc *ss)
 
 void symsrc__destroy(struct symsrc *ss)
 {
-       free(ss->name);
+       zfree(&ss->name);
        elf_end(ss->elf);
        close(ss->fd);
 }
index ac7070a2f2b6defd3cbd62396ed5122584b9ef4c..bd15f490d04fe5ea83607d761b65bcdfca09cbbe 100644 (file)
@@ -1,4 +1,5 @@
 #include "symbol.h"
+#include "util.h"
 
 #include <stdio.h>
 #include <fcntl.h>
@@ -275,7 +276,7 @@ bool symsrc__has_symtab(struct symsrc *ss __maybe_unused)
 
 void symsrc__destroy(struct symsrc *ss)
 {
-       free(ss->name);
+       zfree(&ss->name);
        close(ss->fd);
 }
 
index fd9e1a4fad1669038fe0568c38b417b459afc71f..39ce9adbaaf0bef120e0903e72ad1e98f8114527 100644 (file)
@@ -796,7 +796,7 @@ static void delete_modules(struct rb_root *modules)
                mi = rb_entry(next, struct module_info, rb_node);
                next = rb_next(&mi->rb_node);
                rb_erase(&mi->rb_node, modules);
-               free(mi->name);
+               zfree(&mi->name);
                free(mi);
        }
 }
index cf44644a4058fd8a8bac0fedfbc8dd0207523d89..5d32159121058cbd3e63a26f1fefbe8584224f7e 100644 (file)
@@ -41,7 +41,7 @@ struct thread_map *thread_map__new_by_pid(pid_t pid)
        }
 
        for (i=0; i<items; i++)
-               free(namelist[i]);
+               zfree(&namelist[i]);
        free(namelist);
 
        return threads;
@@ -118,7 +118,7 @@ struct thread_map *thread_map__new_by_uid(uid_t uid)
                        threads->map[threads->nr + i] = atoi(namelist[i]->d_name);
 
                for (i = 0; i < items; i++)
-                       free(namelist[i]);
+                       zfree(&namelist[i]);
                free(namelist);
 
                threads->nr += items;
@@ -135,7 +135,7 @@ out_free_threads:
 
 out_free_namelist:
        for (i = 0; i < items; i++)
-               free(namelist[i]);
+               zfree(&namelist[i]);
        free(namelist);
 
 out_free_closedir:
@@ -194,7 +194,7 @@ static struct thread_map *thread_map__new_by_pid_str(const char *pid_str)
 
                for (i = 0; i < items; i++) {
                        threads->map[j++] = atoi(namelist[i]->d_name);
-                       free(namelist[i]);
+                       zfree(&namelist[i]);
                }
                threads->nr = total_tasks;
                free(namelist);
@@ -206,7 +206,7 @@ out:
 
 out_free_namelist:
        for (i = 0; i < items; i++)
-               free(namelist[i]);
+               zfree(&namelist[i]);
        free(namelist);
 
 out_free_threads:
index 9f73bf43862c5e73d4f22b519b25ef7156f97576..7e6fcfe8b43853da45767687f4eb9d6e1453f6c1 100644 (file)
@@ -397,8 +397,8 @@ put_tracepoints_path(struct tracepoint_path *tps)
                struct tracepoint_path *t = tps;
 
                tps = tps->next;
-               free(t->name);
-               free(t->system);
+               zfree(&t->name);
+               zfree(&t->system);
                free(t);
        }
 }
index 697c8b4e59cc0cc4b906a73e0207364d4960854e..0fb3c1fcd3e62d0a1b26c032c0128ded5ef84035 100644 (file)
@@ -31,14 +31,14 @@ void perf_read_values_destroy(struct perf_read_values *values)
                return;
 
        for (i = 0; i < values->threads; i++)
-               free(values->value[i]);
-       free(values->value);
-       free(values->pid);
-       free(values->tid);
-       free(values->counterrawid);
+               zfree(&values->value[i]);
+       zfree(&values->value);
+       zfree(&values->pid);
+       zfree(&values->tid);
+       zfree(&values->counterrawid);
        for (i = 0; i < values->counters; i++)
-               free(values->countername[i]);
-       free(values->countername);
+               zfree(&values->countername[i]);
+       zfree(&values->countername);
 }
 
 static void perf_read_values__enlarge_threads(struct perf_read_values *values)