If strdup() fails, the error path accesses the original address of maps->lib_maps after it has been dereferenced. Make sure that maps->lib_maps contains the up-to-date pointer before calling a function that could fail.

This was flagged as a resource leak (CWE-772) because map isn't freed in that scenario, but there is something worse going on that the static analysis missed.

Signed-off-by: Jerome Marchand <jmarchan@xxxxxxxxxx>

--- tracecmd/trace-record.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c index 91cc90d4..f05a58d1 100644 --- a/tracecmd/trace-record.c +++ b/tracecmd/trace-record.c @@ -1230,12 +1230,12 @@ static int get_pid_addr_maps(struct buffer_instance *instance, int pid) (maps->nr_lib_maps + 1) * sizeof(*map)); if (!map) goto out_fail; + maps->lib_maps = map; map[maps->nr_lib_maps].end = end; map[maps->nr_lib_maps].start = begin; map[maps->nr_lib_maps].lib_name = strdup(mapname); if (!map[maps->nr_lib_maps].lib_name) goto out_fail; - maps->lib_maps = map; maps->nr_lib_maps++; } } -- 2.44.0
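Review bot: the out_fail label is outside this hunk, so please confirm that its cleanup is bounded by maps->nr_lib_maps. With "maps->lib_maps = map;" now placed ahead of the strdup() call, a strdup() failure jumps to out_fail with the array already grown by one slot whose start and end are set and whose lib_name is NULL, while maps->nr_lib_maps has not been incremented. That is safe only if out_fail walks indices below nr_lib_maps and never touches the extra slot. The other "goto out_fail" in the hunk, on "if (!map)", still leaves maps->lib_maps holding the previous pointer, which looks right as long as the allocation call above it keeps the old block valid on failure. It would also help if the commit message named the "something worse" explicitly (the error path working on a stale maps->lib_maps pointer), so the fix is not read as addressing only the CWE-772 leak.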