Memset() on the pointer right after malloc() can cause
a null pointer dereference if it failed to allocate memory.
Fix this by replacing malloc/memset with a single calloc().
Signed-off-by: Gaurav Singh <gaurav1086@xxxxxxxxx>
---
samples/bpf/xdp_redirect_cpu_user.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/samples/bpf/xdp_redirect_cpu_user.c b/samples/bpf/xdp_redirect_cpu_user.c
index f3468168982e..2ae7a9a1d950 100644
--- a/samples/bpf/xdp_redirect_cpu_user.c
+++ b/samples/bpf/xdp_redirect_cpu_user.c
@@ -207,11 +207,8 @@ static struct datarec *alloc_record_per_cpu(void)
{
unsigned int nr_cpus = bpf_num_possible_cpus();
struct datarec *array;
- size_t size;
- size = sizeof(struct datarec) * nr_cpus;
- array = malloc(size);
- memset(array, 0, size);
+ array = calloc(nr_cpus, sizeof(struct datarec));
if (!array) {
fprintf(stderr, "Mem alloc error (nr_cpus:%u)\n", nr_cpus);
exit(EXIT_FAIL_MEM);
@@ -222,11 +219,9 @@ static struct datarec *alloc_record_per_cpu(void)
static struct stats_record *alloc_stats_record(void)
{
struct stats_record *rec;
- int i, size;
+ int i;
- size = sizeof(*rec) + n_cpus * sizeof(struct record);
- rec = malloc(size);
- memset(rec, 0, size);
+ rec = calloc(n_cpus + 1, sizeof(struct record));
if (!rec) {
fprintf(stderr, "Mem alloc error\n");
exit(EXIT_FAIL_MEM);
--
2.17.1
