
Commit 99fe8af

chenyuan0001Alexei Starovoitov
authored andcommitted
bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
In function dump_xx_nlmsg(), when realloc() fails to allocate memory, the original pointer to the buffer is overwritten with NULL. This causes a memory leak because the previously allocated buffer becomes unreachable without being freed. Fixes: 7900efc ("tools/bpf: bpftool: improve output format for bpftool net") Signed-off-by: Yuan Chen <[email protected]> Reviewed-by: Quentin Monnet <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Alexei Starovoitov <[email protected]>
1 parent f8b19ae commit 99fe8af


1 file changed

+9
-6
lines changed


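--- a/tools/bpf/bpftool/net.c
+++ b/tools/bpf/bpftool/net.c
@@ -366,17 +366,18 @@ static int dump_link_nlmsg(void *cookie, void *msg, struct nlattr **tb)
 {
 struct bpf_netdev_t *netinfo = cookie;
 struct ifinfomsg *ifinfo = msg;
+struct ip_devname_ifindex *tmp;
 
 if (netinfo->filter_idx > 0 && netinfo->filter_idx != ifinfo->ifi_index)
 return 0;
 
 if (netinfo->used_len == netinfo->array_len) {
-netinfo->devices = realloc(netinfo->devices,
-(netinfo->array_len + 16) *
-sizeof(struct ip_devname_ifindex));
-if (!netinfo->devices)
+tmp = realloc(netinfo->devices,
+(netinfo->array_len + 16) * sizeof(struct ip_devname_ifindex));
+if (!tmp)
 return -ENOMEM;
 
+netinfo->devices = tmp;
 netinfo->array_len += 16;
 }
 netinfo->devices[netinfo->used_len].ifindex = ifinfo->ifi_index;
@@ -395,6 +396,7 @@ static int dump_class_qdisc_nlmsg(void *cookie, void *msg, struct nlattr **tb)
 {
 struct bpf_tcinfo_t *tcinfo = cookie;
 struct tcmsg *info = msg;
+struct tc_kind_handle *tmp;
 
 if (tcinfo->is_qdisc) {
 /* skip clsact qdisc */
@@ -406,11 +408,12 @@ static int dump_class_qdisc_nlmsg(void *cookie, void *msg, struct nlattr **tb)
 }
 
 if (tcinfo->used_len == tcinfo->array_len) {
-tcinfo->handle_array = realloc(tcinfo->handle_array,
+tmp = realloc(tcinfo->handle_array,
 (tcinfo->array_len + 16) * sizeof(struct tc_kind_handle));
-if (!tcinfo->handle_array)
+if (!tmp)
 return -ENOMEM;
 
+tcinfo->handle_array = tmp;
 tcinfo->array_len += 16;
 }
 tcinfo->handle_array[tcinfo->used_len].handle = info->tcm_handle;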
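Review bot: The two `realloc()` size expressions, `(netinfo->array_len + 16) * sizeof(struct ip_devname_ifindex)` in `dump_link_nlmsg` and the matching one in `dump_class_qdisc_nlmsg`, are still computed without an overflow check and spell out the element type and the growth step `16` by hand. Writing the call as `tmp = realloc(netinfo->devices, (netinfo->array_len + 16) * sizeof(*tmp));` ties the element size to the pointer, and a named constant for the step would keep the allocation and the later `array_len += 16` from drifting apart. The type of `array_len` is not visible in these hunks; if it is a signed int, the addition is where an overflow would first occur, although the count is presumably bounded by the number of netlink replies. Separately, keeping the old pointer on failure only closes the leak if the caller frees `netinfo->devices` and `tcinfo->handle_array` after the `-ENOMEM` return; that error path, like the end of both functions, lies outside the hunks and is worth confirming.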
