Skip to content

Commit

Permalink
proc: do not access freed memory when discarding shortlived handles
Browse files Browse the repository at this point in the history 
Signed-off-by: Nick Alcock <nick.alcock@oracle.com>
Reviewed-by: Kris Van Hees <kris.van.hees@oracle.com>
  • Loading branch information
@nickalcock @kvanhees
nickalcock authored and kvanhees committed Feb 22, 2024
1 parent d9fbbe8 commit b5b9bd8
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion libdtrace/dt_proc.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1853,15 +1853,18 @@ dt_proc_grab(dtrace_hdl_t *dtp, pid_t pid, int flags)
* we know there is no control thread, so it is impossible for anything
* to be holding a reference to it.
*/
for (dpr = dph->dph_hash[h]; dpr != NULL; dpr = dpr->dpr_hash) {
for (dpr = dph->dph_hash[h]; dpr != NULL;) {
if ((dpr->dpr_pid == pid) &&
!(flags & DTRACE_PROC_SHORTLIVED) && !dpr->dpr_tid) {
dt_dprintf("pid %d (cached, but noninvasive) "
"dropped.\n", (int)pid);

dt_proc_t *npr = dpr->dpr_hash;

dt_list_delete(&dph->dph_lrulist, dpr);
dt_proc_destroy(dtp, dpr);
dt_free(dtp, dpr);
dpr = npr;

} else if (dpr->dpr_pid == pid) {
dt_dprintf("grabbed pid %d (cached)\n", (int)pid);
Expand All @@ -1877,6 +1880,8 @@ dt_proc_grab(dtrace_hdl_t *dtp, pid_t pid, int flags)
}
return dpr;
}
else
dpr = dpr->dpr_hash;
}

/*
Expand Down

0 comments on commit b5b9bd8

Please sign in to comment.