From: Kamalesh Babulal
Date: Mon, 19 Sep 2022 13:53:23 +0000 (-0600)
Subject: tools/cgget: fix segfault in get_cv_value()
X-Git-Tag: v3.1.0~307
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c8af263a8802b48a3fdc0de68e6408d72619e172;p=thirdparty%2Flibcgroup.git

tools/cgget: fix segfault in get_cv_value()

cgget segfaulted on v2.0.2 branch, with:

cgget: cannot find controller 'incal' in group '016cgget'
Fatal error: glibc detected an invalid stdio handle
Aborted (core dumped)

It was caught by ftests/016-cgget-invalid_options.py on Ubuntu 22.04, a simple reproducer on the v2.0.2 branch:

$ sudo ./src/tools/cgget -n -v -r invalid.setting 016cgget

assuming 016cgget cgroup exists.

It is due to the invalid controller name passed to the cgroup_read_value_begin(), which returns failure and callee get_cv_value() in the error clean up path, does a fclose(handle). If (handle != NULL) succeeds because it's uninitialized and has some garbage value. Fix this by initializing the handle to NULL.

Signed-off-by: Kamalesh Babulal
Signed-off-by: Tom Hromatka
---

diff --git a/src/tools/cgget.c b/src/tools/cgget.c index dd9a7b6a..33928c37 100644 --- a/src/tools/cgget.c +++ b/src/tools/cgget.c @@ -458,8 +458,8 @@ static int get_cv_value(struct control_value * const cv, const char * const cg_n const char * const controller_name) { bool is_multiline = false; + void *tmp, *handle = NULL; char tmp_line[LL_MAX]; - void *handle, *tmp; int ret; ret = cgroup_read_value_begin(controller_name, cg_name, cv->name, &handle, tmp_line,
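
Review bot: in the new declaration `void *tmp, *handle = NULL;` only `handle` receives the initializer, so `tmp` is still an uninitialized pointer; if any error path in get_cv_value() reads it before it is assigned, it has the same garbage-value problem this change fixes for `handle`. Declaring the two on separate lines, each set to NULL, would make that explicit and avoid the easy misreading that both are initialized. Separately, the fix only holds as long as cgroup_read_value_begin() leaves `handle` untouched when it fails. Having that function set its out-parameter to NULL on every failure return, or having the cleanup path check `ret` before closing, would protect other callers that pass an uninitialized handle in the same way.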