@@ -1744,17 +1744,23 @@ static int parse_pred(const char *str, void *data,
/* Copy the cpulist between { and } */
tmp = kmalloc((i - maskstart) + 1, GFP_KERNEL);
- strscpy(tmp, str + maskstart, (i - maskstart) + 1);
+ if (!tmp)
+ goto err_mem;
+ strscpy(tmp, str + maskstart, (i - maskstart) + 1);
pred->mask = kzalloc(cpumask_size(), GFP_KERNEL);
- if (!pred->mask)
+ if (!pred->mask) {
+ kfree(tmp);
goto err_mem;
+ }
/* Now parse it */
if (cpulist_parse(tmp, pred->mask)) {
+ kfree(tmp);
parse_error(pe, FILT_ERR_INVALID_CPULIST, pos + i);
goto err_free;
}
+ kfree(tmp);
/* Move along */
i++;
parse_pred() allocates a string buffer to parse the user-provided cpulist, but doesn't check the allocation result nor does it free the buffer once it is no longer needed. Add an allocation check, and free the buffer as soon as it is no longer needed. Reported-by: Steven Rostedt <rostedt@goodmis.org> Reported-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Valentin Schneider <vschneid@redhat.com> --- kernel/trace/trace_events_filter.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)