| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20260118130247.1003369-1-geoffreyhe2@gmail.com>
Date: Sun, 18 Jan 2026 13:02:47 +0000
From: Weigang He <geoffreyhe2@...il.com>
To: Steven Rostedt <rostedt@...dmis.org>,
Masami Hiramatsu <mhiramat@...nel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
linux-kernel@...r.kernel.org,
linux-trace-kernel@...r.kernel.org,
Weigang He <geoffreyhe2@...il.com>,
Tuo Li <islituo@...il.com>
Subject: [PATCH] scripts/tracepoint-update: fix memory leak in make_trace_array()
In make_trace_array(), if add_string() fails after some successful
iterations, the function returns without freeing the 'vals' array that
was allocated by previous add_string() calls.
The add_string() function uses realloc() internally with a local
temporary variable, which means the original pointer is preserved on
allocation failure. When make_trace_array() returns early on error,
the previously allocated memory is leaked.
Fix this by freeing 'vals' before returning on the error path.
This bug is found by my static analysis tool and my code review.
Signed-off-by: Tuo Li <islituo@...il.com>
---
scripts/tracepoint-update.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scripts/tracepoint-update.c b/scripts/tracepoint-update.c
index 90046aedc97b9..7bc9d66229ddf 100644
--- a/scripts/tracepoint-update.c
+++ b/scripts/tracepoint-update.c
@@ -93,8 +93,10 @@ static void make_trace_array(struct elf_tracepoint *etrace)
for_each_shdr_str(len, ehdr, check_data_sec) {
if (!len)
continue;
- if (add_string(str, &vals, &count) < 0)
+ if (add_string(str, &vals, &count) < 0) {
+ free(vals);
return;
+ }
}
/* If CONFIG_TRACEPOINT_VERIFY_USED is not set, there's nothing to do */
--
2.34.1
Powered by blists - more mailing lists