From nobody Thu Oct 9 08:16:05 2025 Received: from m16.mail.163.com (m16.mail.163.com [220.197.31.2]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 19F124A3C; Thu, 19 Jun 2025 03:11:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=220.197.31.2 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750302671; cv=none; b=IUh4AZgSGEwykL7o4oua66OT7N3qb/ww287ni8soAS+5S+ZtfS0LNfuBOjO0AJ0IMeP5OgwMZjNTwksmNQcvxpHaE8k4g2o8nArpYUL0mU1VoBgNsYopVvekMhZhS/jHdEkHQlux5PYGx7nUA9YSRr1WqeslG1xcYbbIcVfLdZ0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1750302671; c=relaxed/simple; bh=51oZ/IZDB7F4eTcBwvlqPOac0I3Sr1Bdpv7wS8vzbPY=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=SS8Acomn9XyxmvNIHzKMjsRflrVF5Dl0m0Rnh+N5wcEn09HHkmnw1prZVnBqu+4qMPH5HSvGcE+KULs4IjjAgk7CuVSP+fiONqUN3aGXdzgg1D/4IwTwwmIf3vGWMtNKtm65QQt/A1K0FnC9uyrM5jvSuqf7OgnWUKkgeaB7AA4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=163.com; spf=pass smtp.mailfrom=163.com; dkim=pass (1024-bit key) header.d=163.com header.i=@163.com header.b=kgDW3oXF; arc=none smtp.client-ip=220.197.31.2 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=163.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=163.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=163.com header.i=@163.com header.b="kgDW3oXF" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:To:Subject:Date:Message-Id:MIME-Version; bh=ST RjQteFUZoF2HoMiQkIsJ7Znz080VPaSrZB64TS8oQ=; b=kgDW3oXF2c5Wd110nD 3F0z2jzbW8mqoBs9me8T0ojmZxZaJkZfDvdfxLi+1B1rNEhDq0OsP6Ug6etyVi65 z0J70DWpOlQaC3i56e7ryJqRJXYxbWipbS2JqESY0ei9ztOZJBmCJVO9t056lmlu ZPRM0+rPLAgJsIRFD/xcCZ5ew= Received: from 163.com (unknown []) by gzga-smtp-mtada-g1-2 (Coremail) with SMTP id _____wD3P6K0f1NowTSLAQ--.64025S2; Thu, 19 Jun 2025 11:10:44 +0800 (CST) From: chenyuan To: ast@kernel.org, andrii@kernel.org Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, chenyuan_fl@163.com, chenyuan Subject: [PATCH] bpftool: Fix memory leak in dump_link_nlmsg on realloc failure Date: Thu, 19 Jun 2025 11:10:37 +0800 Message-Id: <20250619031037.39068-1-chenyuan_fl@163.com> X-Mailer: git-send-email 2.25.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-CM-TRANSID: _____wD3P6K0f1NowTSLAQ--.64025S2 X-Coremail-Antispam: 1Uf129KBjvJXoW7tFW5Xry7Wr4kJF1rAw13urg_yoW8Gw13pa 4UGa40vr15Wryru3s7Aa15ZFW3C3WxJrs5GF47A34ruryrXrsrZr18KFyFvanIgFn5XFy2 yr1Y9a17XF1UAaUanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x0pio5d_UUUUU= X-CM-SenderInfo: xfkh05pxdqswro6rljoofrz/1tbiJxpxvWhTfSNNUwAAsK Content-Type: text/plain; charset="utf-8" From: chenyuan In function dump_link_nlmsg(), when realloc() fails to allocate memory, the original pointer to the buffer is overwritten with NULL. This causes a memory leak because the previously allocated buffer becomes unreachable without being freed. Fix: 7900efc19214 ("tools/bpf: bpftool: improve output format for bpftool n= et") Signed-off-by: chenyuan --- tools/bpf/bpftool/net.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tools/bpf/bpftool/net.c b/tools/bpf/bpftool/net.c index 64f958f437b0..e00637b85e56 100644 --- a/tools/bpf/bpftool/net.c +++ b/tools/bpf/bpftool/net.c @@ -366,17 +366,18 @@ static int dump_link_nlmsg(void *cookie, void *msg, s= truct nlattr **tb) { struct bpf_netdev_t *netinfo =3D cookie; struct ifinfomsg *ifinfo =3D msg; + struct ip_devname_ifindex *tmp; =20 if (netinfo->filter_idx > 0 && netinfo->filter_idx !=3D ifinfo->ifi_index) return 0; =20 if (netinfo->used_len =3D=3D netinfo->array_len) { - netinfo->devices =3D realloc(netinfo->devices, - (netinfo->array_len + 16) * + tmp =3D realloc(netinfo->devices, (netinfo->array_len + 16) * sizeof(struct ip_devname_ifindex)); - if (!netinfo->devices) + if (!tmp) return -ENOMEM; =20 + netinfo->devices =3D tmp; netinfo->array_len +=3D 16; } netinfo->devices[netinfo->used_len].ifindex =3D ifinfo->ifi_index; --=20 2.25.1