In get_trace_req_args() vagrs is not freed when the function exits
without an error. This could be of course be fixed by freeing vagrs
before exit, but actually I don't see the point of the buffer at all
since it just use to copy the content of buf and then read to fill
args. Why not just read from buf to begin with?
Remove vagrs and use buf directly.
Fixes a RESOURCE_LEAK error (CWE-772)
Signed-off-by: Jerome Marchand <jmarchan@xxxxxxxxxx>
---
lib/trace-cmd/trace-msg.c | 13 ++-----------
1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/lib/trace-cmd/trace-msg.c b/lib/trace-cmd/trace-msg.c
index 3a555c36..f5c604f1 100644
--- a/lib/trace-cmd/trace-msg.c
+++ b/lib/trace-cmd/trace-msg.c
@@ -1247,7 +1247,6 @@ static int get_trace_req_args(char *buf, int length, int *argc, char ***argv)
unsigned int nr_args;
char *p, *buf_end;
char **args = NULL;
- char *vagrs = NULL;
int ret;
int i;
@@ -1266,15 +1265,8 @@ static int get_trace_req_args(char *buf, int length, int *argc, char ***argv)
goto out;
}
- vagrs = calloc(length, sizeof(char));
- if (!vagrs) {
- ret = -ENOMEM;
- goto out;
- }
-
- memcpy(vagrs, buf, length);
- buf_end = vagrs + length;
- for (i = 0, p = vagrs; i < nr_args; i++, p++) {
+ buf_end = buf + length;
+ for (i = 0, p = buf; i < nr_args; i++, p++) {
if (p >= buf_end) {
ret = -EINVAL;
goto out;
@@ -1289,7 +1281,6 @@ static int get_trace_req_args(char *buf, int length, int *argc, char ***argv)
out:
free(args);
- free(vagrs);
return ret;
}
--
2.44.0
|