
[11/38] trace-cmd record: prevent possible memory corruption in get_pid_addr_maps()

Message ID 20240605134054.2626953-12-jmarchan@redhat.com (mailing list archive)
State Accepted
Commit 6fd08d879d0a9f7b3c1c8f3609779626ad25c8a0
Series trace-cmd: fix misc issues found by static analysis

Commit Message

Jerome Marchand June 5, 2024, 1:40 p.m. UTC
If strdup() fails, the error path accesses the original address of
maps->lib_maps after it has been dereferenced. Make sure that
maps->lib_maps contains the up-to-date pointer before calling
a function that could fail.

This was flagged as a resource leak (CWE-772) because map isn't freed
in that scenario, but there is something worse going on that the
static analysis missed.

Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
---
 tracecmd/trace-record.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c
index 91cc90d4..f05a58d1 100644
--- a/tracecmd/trace-record.c
+++ b/tracecmd/trace-record.c
@@ -1230,12 +1230,12 @@  static int get_pid_addr_maps(struct buffer_instance *instance, int pid)
 				      (maps->nr_lib_maps + 1) * sizeof(*map));
 			if (!map)
 				goto out_fail;
+			maps->lib_maps = map;
 			map[maps->nr_lib_maps].end = end;
 			map[maps->nr_lib_maps].start = begin;
 			map[maps->nr_lib_maps].lib_name = strdup(mapname);
 			if (!map[maps->nr_lib_maps].lib_name)
 				goto out_fail;
-			maps->lib_maps = map;
 			maps->nr_lib_maps++;
 		}
 	}
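
Review bot: the moved assignment `maps->lib_maps = map;`, now directly after the `if (!map) goto out_fail;` check, carries no comment saying why it has to precede strdup(), so a later tidy-up could move it back below the lib_name check and reintroduce the stale-pointer access in the error path. A one-line comment at that spot would pin the ordering. It is also worth confirming the cleanup at out_fail, which is not visible in this hunk: when strdup() fails, the slot at index maps->nr_lib_maps has start and end written but a NULL lib_name, and nr_lib_maps has not been incremented, so the cleanup has to walk only nr_lib_maps entries and must not expect that extra slot to be populated.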