lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <tencent_CA0C296180B9D75FF6A53D6B4F2130888D05@qq.com>
Date: Fri, 12 Sep 2025 16:20:24 +0800
From: Haofeng Li <920484857@...com>
To: Andrew Morton <akpm@...ux-foundation.org>,
	David Hildenbrand <david@...hat.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
	Zi Yan <ziy@...dia.com>,
	linux-kernel@...r.kernel.org,
	linux-kselftest@...r.kernel.org,
	linux-mm@...ck.org,
	Haofeng Li <13266079573@....com>,
	Haofeng Li <lihaofeng@...inos.cn>
Subject: [PATCH] mm: transhuge-stress: fix potential memory leak on realloc failure

From: Haofeng Li <lihaofeng@...inos.cn>

When realloc() fails in transhuge-stress test, the original code
exits immediately without freeing the previously allocated memory,
causing a memory leak. This patch introduces a temporary pointer
to hold the realloc result, ensuring proper cleanup by freeing
the original map before exiting on allocation failure.

Signed-off-by: Haofeng Li <lihaofeng@...inos.cn>
---
 tools/testing/selftests/mm/transhuge-stress.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/mm/transhuge-stress.c b/tools/testing/selftests/mm/transhuge-stress.c
index 68201192e37c..cbe86c5b8de0 100644
--- a/tools/testing/selftests/mm/transhuge-stress.c
+++ b/tools/testing/selftests/mm/transhuge-stress.c
@@ -30,7 +30,7 @@ int main(int argc, char **argv)
 	int i = 0;
 	char *name = NULL;
 	double s;
-	uint8_t *map;
+	uint8_t *map, *map_tmp;
 	size_t map_len;
 	int pagemap_fd;
 	int duration = 0;
@@ -107,9 +107,12 @@ int main(int argc, char **argv)
 
 				nr_succeed++;
 				if (idx >= map_len) {
-					map = realloc(map, idx + 1);
-					if (!map)
+					map_tmp = realloc(map, idx + 1);
+					if (!map_tmp) {
+						free(map);
 						ksft_exit_fail_msg("map realloc\n");
+					}
+					map = map_tmp;
 					memset(map + map_len, 0, idx + 1 - map_len);
 					map_len = idx + 1;
 				}
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ