[PATCH] objtool: Fix memory leak in elf_alloc_reloc() on realloc failure

Weigang He posted 1 patch 2 weeks, 5 days ago
tools/objtool/elf.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
[PATCH] objtool: Fix memory leak in elf_alloc_reloc() on realloc failure
Posted by Weigang He 2 weeks, 5 days ago
When realloc() fails in elf_alloc_reloc(), the original buffer pointer
is overwritten with NULL before the failure is detected. This causes
the original buffer to become unreachable, resulting in a memory leak.

Fix this by using a temporary variable to hold the realloc() result.
If realloc() fails, free the original buffer and set d_buf to NULL to
maintain the expected error state before returning -1.

This bug was found by my static analysis tool and my code review.

Signed-off-by: Weigang He <geoffreyhe2@gmail.com>
---
 tools/objtool/elf.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c
index 6a8ed9c62323e..e47c5c4f25314 100644
--- a/tools/objtool/elf.c
+++ b/tools/objtool/elf.c
@@ -1521,12 +1521,15 @@ static int elf_alloc_reloc(struct elf *elf, struct section *rsec)
 		memcpy(rsec->data->d_buf, orig_buf,
 		       nr_relocs_old * elf_rela_size(elf));
 	} else {
-		rsec->data->d_buf = realloc(rsec->data->d_buf,
-					    nr_alloc * elf_rela_size(elf));
-		if (!rsec->data->d_buf) {
+		void *new_d_buf = realloc(rsec->data->d_buf,
+					  nr_alloc * elf_rela_size(elf));
+		if (!new_d_buf) {
 			ERROR_GLIBC("realloc");
+			free(rsec->data->d_buf);
+			rsec->data->d_buf = NULL;
 			return -1;
 		}
+		rsec->data->d_buf = new_d_buf;
 	}
 
 	rsec->nr_alloc_relocs = nr_alloc;
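Review bot: in the realloc() failure branch, the added free(rsec->data->d_buf) discards a buffer that realloc() left valid and unchanged. The early return also skips the rsec->nr_alloc_relocs = nr_alloc assignment below, so as far as this hunk shows the section is left with d_buf == NULL while nr_alloc_relocs keeps its previous value. If the goal is only to stop the leak, keeping new_d_buf and returning -1 without touching d_buf leaves the section consistent and the existing relocations readable. If callers depend on d_buf being NULL after a failure, a short comment at the free() saying so would help, since the commit message's "expected error state" is not visible in the code.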
-- 
2.34.1
Re: [PATCH] objtool: Fix memory leak in elf_alloc_reloc() on realloc failure
Posted by Peter Zijlstra 2 weeks, 4 days ago
On Sun, Jan 18, 2026 at 06:56:43AM +0000, Weigang He wrote:
> When realloc() fails in elf_alloc_reloc(), the original buffer pointer
> is overwritten with NULL before the failure is detected. This causes
> the original buffer to become unreachable, resulting in a memory leak.
> 
> Fix this by using a temporary variable to hold the realloc() result.
> If realloc() fails, free the original buffer and set d_buf to NULL to
> maintain the expected error state before returning -1.
> 
> This bug was found by my static analysis tool and my code review.

Yeah, except that the moment this error is actually hit, the tool will
exit, freeing all memory.
Re: [PATCH] objtool: Fix memory leak in elf_alloc_reloc() on realloc failure
Posted by Markus Elfring 2 weeks, 4 days ago
…
> This bug was found by my static analysis tool …

* Did it get a special name?

* Was any additional background information published for such a source code
  analysis tool?


Regards,
Markus