[DTrace-devel] [PATCH] Fix double-free of dt_datadesc_t structures

[Eugene Loh]

On 04/08/2020 08:00 AM, Kris Van Hees wrote:

> While the dt_datadesc_t structures were introduced with a reference
> count (along with dt_datadesc_hold() and dt_datadesc_release()functions

Space between "dt_datadesc_release()" and "functions".
Optionally, use dashes rather than parentheses to bracket the phrase 
"along with...to manage them".
(English teachers are less enthusiastic about nested parentheses than 
are programmers.)
But those are clearly nits.  lgtm.

> to manage them), there was still a direct dt_free() of a dt_datadesc_t
> structure in dtrace_stmt_destroy().
>
> Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
> ---
>   libdtrace/dt_impl.h    | 1 +
>   libdtrace/dt_map.c     | 2 +-
>   libdtrace/dt_program.c | 2 +-
>   3 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/libdtrace/dt_impl.h b/libdtrace/dt_impl.h
> index efc87134..d63ac858 100644
> --- a/libdtrace/dt_impl.h
> +++ b/libdtrace/dt_impl.h
> @@ -725,6 +725,7 @@ extern int dt_aggregate_go(dtrace_hdl_t *);
>   extern int dt_aggregate_init(dtrace_hdl_t *);
>   extern void dt_aggregate_destroy(dtrace_hdl_t *);
>   
> +extern void dt_datadesc_release(dtrace_hdl_t *, dtrace_datadesc_t *);
>   extern dtrace_datadesc_t *dt_datadesc_create(dtrace_hdl_t *);
>   extern int dt_datadesc_finalize(dtrace_hdl_t *, dtrace_datadesc_t *);
>   extern dtrace_epid_t dt_epid_add(dtrace_hdl_t *, dtrace_datadesc_t *,
> diff --git a/libdtrace/dt_map.c b/libdtrace/dt_map.c
> index a6cf0c58..8d491290 100644
> --- a/libdtrace/dt_map.c
> +++ b/libdtrace/dt_map.c
> @@ -21,7 +21,7 @@ dt_datadesc_hold(dtrace_datadesc_t *ddp)
>   	ddp->dtdd_refcnt++;
>   }
>   
> -static void
> +void
>   dt_datadesc_release(dtrace_hdl_t *dtp, dtrace_datadesc_t *ddp)
>   {
>   	if (--ddp->dtdd_refcnt > 0)
> diff --git a/libdtrace/dt_program.c b/libdtrace/dt_program.c
> index b154668d..0b5eb4f0 100644
> --- a/libdtrace/dt_program.c
> +++ b/libdtrace/dt_program.c
> @@ -355,7 +355,7 @@ dtrace_stmt_destroy(dtrace_hdl_t *dtp, dtrace_stmtdesc_t *sdp)
>   		dt_printf_destroy(sdp->dtsd_fmtdata);
>   
>   	dt_ecbdesc_release(dtp, sdp->dtsd_ecbdesc);
> -	dt_free(dtp, sdp->dtsd_ddesc);
> +	dt_datadesc_release(dtp, sdp->dtsd_ddesc);
>   	dt_free(dtp, sdp);
>   }
>