kernelshark: Fix potential memory leaks in libkshark-tepdata
- In tepdata_get_field_names(), buffer was never free on error
- In kshark_tep_open_buffer(), names were never free if
kshark_get_data_stream() failed
- In kshark_tep_open_buffer(), prevent any double free error with
"name" and "file" fields of buffer_stream
- In kshark_tep_init_all_buffers(), return failure code if failed to
copy "name" and "file" fields of buffer_stream
Signed-off-by: Benjamin ROBIN <dev@benjarobin.fr>
Signed-off-by: Yordan Karadzhov <y.karadz@gmail.com>
diff --git a/src/libkshark-tepdata.c b/src/libkshark-tepdata.c
index f938caf..8e90daf 100644
--- a/src/libkshark-tepdata.c
+++ b/src/libkshark-tepdata.c
@@ -949,6 +949,7 @@
for (i = 0; i < nr_fields; ++i)
free(buffer[i]);
+ free(buffer);
return -EFAULT;
}
@@ -1425,8 +1426,10 @@
sd_buffer = kshark_add_stream(kshark_ctx);
buffer_stream = kshark_get_data_stream(kshark_ctx, sd_buffer);
- if (!buffer_stream)
- return -EFAULT;
+ if (!buffer_stream) {
+ ret = -EFAULT;
+ goto end;
+ }
for (i = 0; i < n_buffers; ++i) {
if (strcmp(buffer_name, names[i]) == 0) {
@@ -1439,7 +1442,8 @@
if (!buffer_stream->name || !buffer_stream->file) {
free(buffer_stream->name);
free(buffer_stream->file);
-
+ buffer_stream->name = NULL;
+ buffer_stream->file = NULL;
ret = -ENOMEM;
break;
}
@@ -1450,6 +1454,7 @@
}
}
+end:
for (i = 0; i < n_buffers; ++i)
free(names[i]);
free(names);
@@ -1501,8 +1506,9 @@
if (!buffer_stream->name || !buffer_stream->file) {
free(buffer_stream->name);
free(buffer_stream->file);
- ret = -ENOMEM;
- break;
+ buffer_stream->name = NULL;
+ buffer_stream->file = NULL;
+ return -ENOMEM;
}
ret = kshark_tep_stream_init(buffer_stream, buffer_input);