From 9a1d033661f9e0550c8308db034b0c274dcb4caa Mon Sep 17 00:00:00 2001
From: Shuyang Hao <70073970+isabert@users.noreply.github.com>
Date: Thu, 21 May 2026 23:05:24 -0400
Subject: [PATCH 1/2] libbpf-tools/trace_helpers.c: free() called more than once
dso__free_fields could be called by (err_out in trace_helpers.c) and then by the finalizer (cleanup in profile.c). This will cause the case where a dangling pointer is freed. To fix this issue - the freed pointers are set to NULL. Furthermore, to prevent lazy reload `if (!dso->syms && dso__load_sym_table(dso))` from populating dso again, size and capacity are also set to 0
---
libbpf-tools/trace_helpers.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/libbpf-tools/trace_helpers.c b/libbpf-tools/trace_helpers.c
index 536ed8349d90..2e37b8a32e0f 100644
--- a/libbpf-tools/trace_helpers.c
+++ b/libbpf-tools/trace_helpers.c
@@ -491,6 +491,16 @@ static void dso__free_fields(struct dso *dso)
 free(dso->ranges);
 free(dso->syms);
 btf__free(dso->btf);
+
+ /* Clear relevant fields in dso to avoid dangling pointers*/
+ dso->name = NULL;
+ dso->ranges = NULL;
+ dso->syms = NULL;
+ dso->btf = NULL;
+
+ /* zero out size and capacity to prevent dso__add_sym from reallocating */
+ dso->syms_sz = 0;
+ dso->syms_cap = 0;
 }
 static int dso__load_sym_table_from_elf(struct dso *dso, int fd)
From 1ebb28822d520b61c48fb390519286ff293d45d7 Mon Sep 17 00:00:00 2001
From: isabert <70073970+isabert@users.noreply.github.com>
Date: Mon, 1 Jun 2026 18:50:54 -0400
Subject: [PATCH 2/2] Commit additional field changes that are needed potentially
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
libbpf-tools/trace_helpers.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libbpf-tools/trace_helpers.c b/libbpf-tools/trace_helpers.c
index 2e37b8a32e0f..567d11e672a5 100644
--- a/libbpf-tools/trace_helpers.c
+++ b/libbpf-tools/trace_helpers.c
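Review bot: The commit message's claim that zeroing `syms_sz`/`syms_cap` prevents the lazy reload does not follow from the gate it quotes: `if (!dso->syms && dso__load_sym_table(dso))` becomes true precisely because this hunk stores `dso->syms = NULL`, so a later lookup on a dso torn down via err_out would re-enter dso__load_sym_table with `dso->name` already NULL (how that function handles a NULL name is not visible here). Making dso__free_fields idempotent removes the double free, but the torn-down entry presumably stays in the caller's table, and the ownership question — whether err_out should free fields at all when profile.c's cleanup also does — is the actual bug and is not addressed. At minimum the comment should state the real contract, e.g. `/* NULL the pointers so a second dso__free_fields() is a no-op; the dso must not be looked up afterwards. */`, or dso__load_sym_table should fail fast with `if (!dso->name) return -1;`. The start of dso__free_fields, presumably including the free of dso->name, lies above the hunk.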
@@ -492,15 +492,19 @@ static void dso__free_fields(struct dso *dso)
 free(dso->syms);
 btf__free(dso->btf);
- /* Clear relevant fields in dso to avoid dangling pointers*/
+ /* Clear relevant fields in dso to avoid dangling pointers. */
 dso->name = NULL;
 dso->ranges = NULL;
+ dso->range_sz = 0;
 dso->syms = NULL;
 dso->btf = NULL;
- /* zero out size and capacity to prevent dso__add_sym from reallocating */
+ /* Zero out size/capacity to avoid stale bounds/alloc decisions. */
 dso->syms_sz = 0;
 dso->syms_cap = 0;
+ dso->type = UNKNOWN;
+ dso->sh_addr = 0;
+ dso->sh_offset = 0;
 }
 static int dso__load_sym_table_from_elf(struct dso *dso, int fd)
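Review bot: With every member now reset one store at a time, any field added to `struct dso` later will silently keep stale state after teardown; if `UNKNOWN` is the zero enumerator and no member has to survive dso__free_fields (neither is visible in this hunk), the frees followed by a single `memset(dso, 0, sizeof(*dso));` is shorter and does not need revisiting when the struct grows. If some field must be preserved, keep the explicit stores but say what resetting `type`, `sh_addr` and `sh_offset` buys — the replacement comment `Zero out size/capacity to avoid stale bounds/alloc decisions.` covers only the two sizes, and a reader cannot tell whether `type = UNKNOWN` is meant to make a later dso__load_sym_table refuse a torn-down dso. The function's opening lines, including `free(dso->ranges)` and presumably the free of dso->name, are above the hunk.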