In the funcs allocation failure path, the cleanup loop iterates with
'j' but frees objs[i].funcs, which uses the outer loop index 'i'
instead of the loop variable 'j'. As a result the just-failed (NULL)
entry is freed repeatedly, while the funcs buffers already allocated
for objs[0..i-1] are leaked.

Use objs[j].funcs so the previously allocated entries are correctly
released.

Fixes: 59adee07b568 ("livepatch/klp-build: Add stub init code for livepatch 
modules")
Signed-off-by: Shihao Ren <[email protected]>
---
 scripts/livepatch/init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/livepatch/init.c b/scripts/livepatch/init.c
index f14d8c8fb..16aff8f73 100644
--- a/scripts/livepatch/init.c
+++ b/scripts/livepatch/init.c
@@ -51,7 +51,7 @@ static int __init livepatch_mod_init(void)
                if (!funcs) {
                        ret = -ENOMEM;
                        for (int j = 0; j < i; j++)
-                               kfree(objs[i].funcs);
+                               kfree(objs[j].funcs);
                        goto err_free_objs;
                }
 
-- 
2.39.5


Reply via email to