From: Kamalesh Babulal Date: Mon, 19 Sep 2022 13:54:51 +0000 (-0600) Subject: tools/cgget: fix segfault in get_cv_value() X-Git-Tag: v2.0.3~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91f1fb6e5cfa3e23d533775edbf7243cf0262a71;p=thirdparty%2Flibcgroup.git tools/cgget: fix segfault in get_cv_value() cgget segfaulted on v2.0.2 branch, with: cgget: cannot find controller 'incal' in group '016cgget' Fatal error: glibc detected an invalid stdio handle Aborted (core dumped) It was caught by ftests/016-cgget-invalid_options.py on Ubuntu 22.04, a simple reproducer on the v2.0.2 branch: $ sudo ./src/tools/cgget -n -v -r invalid.setting 016cgget assuming 016cgget cgroup exists. It is due to the invalid controller name passed to the cgroup_read_value_begin(), which returns failure and callee get_cv_value() in the error clean up path, does a fclose(handle). If (handle != NULL) succeeds because its uninitialized and has some garbage value. Fix this by initializing the handle to NULL. Signed-off-by: Kamalesh Babulal Signed-off-by: Tom Hromatka (cherry picked from commit c8af263a8802b48a3fdc0de68e6408d72619e172) --- diff --git a/src/tools/cgget.c b/src/tools/cgget.c index 42949808..bcbe63cc 100644 --- a/src/tools/cgget.c +++ b/src/tools/cgget.c @@ -461,8 +461,8 @@ static int get_cv_value(struct control_value * const cv, const char * const controller_name) { bool is_multiline = false; + void *tmp, *handle = NULL; char tmp_line[LL_MAX]; - void *handle, *tmp; int ret; ret = cgroup_read_value_begin(controller_name, cg_name, cv->name,