Fix double-free in NewModuleFromBufferArgs (#327)

javierhonduco · web-flow · commit 80f41e18e690 · 2023-05-09T13:29:48.000-03:00
In 0238ec3 the freeing of C strings was changed to use defers. This can cause a double-free, which in the best case it will produce a crash. The reason why this happens is that the memory address at `defer` time is captured for later execution. If `KConfigFilePath` is less than 3, it was being freed and set to NULL. Once the defer executes on function return, the same address we already freed will be passed again. We observed this while upgrading libbpfgo in Parca Agent (parca-dev/parca-agent#1599). Signed-off-by: Francisco Javier Honduvilla Coto <javierhonduco@gmail.com>
diff --git a/libbpfgo.go b/libbpfgo.go
@@ -391,7 +391,6 @@ func NewModuleFromBufferArgs(args NewModuleArgs) (*Module, error) {
 	cBPFBuffSize := C.size_t(len(args.BPFObjBuff))
 
 	if len(args.KConfigFilePath) <= 2 {
-		C.free(unsafe.Pointer(cKconfigPath))
 		cKconfigPath = nil
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -391,7 +391,6 @@ func NewModuleFromBufferArgs(args NewModuleArgs) (*Module, error) {`
`391`	`391`	`cBPFBuffSize := C.size_t(len(args.BPFObjBuff))`
`392`	`392`
`393`	`393`	`if len(args.KConfigFilePath) <= 2 {`
`394`		`- C.free(unsafe.Pointer(cKconfigPath))`
`395`	`394`	`cKconfigPath = nil`
`396`	`395`	`}`
`397`	`396`