Fix double-free in NewModuleFromBufferArgs (#327)
In 0238ec3 the freeing of C strings was changed to use defers. This can
cause a double-free, which in the best case will produce a crash. The reason
why this happens is that the memory address at `defer` time is captured
for later execution. If `KConfigFilePath` is less than 3, it was being
freed and set to NULL. Once the defer executes on function return, the
same address we already freed will be passed again.

We observed this while upgrading libbpfgo in Parca Agent
(parca-dev/parca-agent#1599).

Signed-off-by: Francisco Javier Honduvilla Coto <javierhonduco@gmail.com>
javierhonduco authored May 9, 2023
1 parent 0238ec3 commit 80f41e1
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion libbpfgo.go
Expand Up @@ -391,7 +391,6 @@ func NewModuleFromBufferArgs(args NewModuleArgs) (*Module, error) {
cBPFBuffSize := C.size_t(len(args.BPFObjBuff))

if len(args.KConfigFilePath) <= 2 {
C.free(unsafe.Pointer(cKconfigPath))
cKconfigPath = nil
}

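Review bot: In the `len(args.KConfigFilePath) <= 2` branch, the `cKconfigPath = nil` assignment now depends on a deferred free that is not visible at this site, so a later reader may see an apparent leak and put the explicit `C.free` back. Add a short comment here stating that the C string is released by the defer described in the commit message, which captured the original pointer before it was set to nil. It would be cleaner still to allocate the C string only when the path is longer than 2 characters, so this branch does not need to reset anything. A regression test that calls `NewModuleFromBufferArgs` with an empty `KConfigFilePath` would keep the double free from coming back.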