The parse events parser leaks memory for certain expressions as well as allowing a char* to reference stack, heap or .rodata. This series of patches improves the hygeine and adds free-ing operations to reclaim memory in the parser in error and non-error situations.
The series of patches was generated with LLVM's address sanitizer and libFuzzer: https://llvm.org/docs/LibFuzzer.html called on the parse_events function with randomly generated input. With the patches no leaks or memory corruption issues were present. These patches are preferable to an earlier proposed patch: perf tools: avoid reading out of scope array Ian Rogers (9): perf tools: add parse events append error perf tools: splice events onto evlist even on error perf tools: ensure config and str in terms are unique perf tools: move ALLOC_LIST into a function perf tools: avoid a malloc for array events perf tools: add destructors for parse event terms perf tools: before yyabort-ing free components perf tools: if pmu configuration fails free terms perf tools: add a deep delete for parse event terms tools/perf/util/parse-events.c | 177 ++++++++++----- tools/perf/util/parse-events.h | 3 + tools/perf/util/parse-events.y | 388 ++++++++++++++++++++++++--------- tools/perf/util/pmu.c | 38 ++-- 4 files changed, 431 insertions(+), 175 deletions(-) -- 2.23.0.866.gb869b98d4c-goog
