In make_trace_array(), if add_string() fails after some successful iterations, the function returns without freeing the 'vals' array that was allocated by previous add_string() calls.
The add_string() function uses realloc() internally with a local temporary variable, which means the original pointer is preserved on allocation failure. When make_trace_array() returns early on error, the previously allocated memory is leaked. Fix this by freeing 'vals' before returning on the error path. This bug is found by my static analysis tool and my code review. Signed-off-by: Tuo Li <[email protected]> --- scripts/tracepoint-update.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/tracepoint-update.c b/scripts/tracepoint-update.c index 90046aedc97b9..7bc9d66229ddf 100644 --- a/scripts/tracepoint-update.c +++ b/scripts/tracepoint-update.c @@ -93,8 +93,10 @@ static void make_trace_array(struct elf_tracepoint *etrace) for_each_shdr_str(len, ehdr, check_data_sec) { if (!len) continue; - if (add_string(str, &vals, &count) < 0) + if (add_string(str, &vals, &count) < 0) { + free(vals); return; + } } /* If CONFIG_TRACEPOINT_VERIFY_USED is not set, there's nothing to do */ -- 2.34.1
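Review bot: in the new error branch inside for_each_shdr_str(), free(vals) is only safe if add_string() leaves vals pointing at the old, still-valid array when it fails. The commit message states this, but add_string() is not part of this hunk, so a short comment above free(vals) recording that invariant would help the next reader rule out a double free. It is also worth confirming that the entries stored in vals are not separately allocated by add_string(); if they are, freeing only the array still leaks them. Separately, make_trace_array() is static void and the branch ends in a bare return, so an allocation failure is silent and the caller cannot tell it apart from the "nothing to do" case mentioned in the comment below. Consider reporting the failure or returning a status.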
