[PATCH 3/4] tools: bpftool: fix potential NULL pointer dereference in do_load
From: Wen Yang
Date: Wed Nov 21 2018 - 02:41:57 EST
This patch fixes a possible null pointer dereference in
do_load, detected by the semantic patch
deref_null.cocci, with the following warning:
./tools/bpf/bpftool/prog.c:1021:23-25: ERROR: map_replace is NULL but dereferenced.
The following code has potential null pointer references:
881 map_replace = reallocarray(map_replace, old_map_fds + 1,
882 sizeof(*map_replace));
883 if (!map_replace) {
884 p_err("mem alloc failed");
885 goto err_free_reuse_maps;
886 }
...
1019 err_free_reuse_maps:
1020 for (i = 0; i < old_map_fds; i++)
1021 close(map_replace[i].fd);
1022 free(map_replace);
Signed-off-by: Wen Yang <wen.yang99@xxxxxxxxxx>
Reviewed-by: Tan Hu <tan.hu@xxxxxxxxxx>
CC: Julia Lawall <julia.lawall@xxxxxxx>
---
tools/bpf/bpftool/prog.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/bpf/bpftool/prog.c b/tools/bpf/bpftool/prog.c
index 5302ee2..de42187 100644
--- a/tools/bpf/bpftool/prog.c
+++ b/tools/bpf/bpftool/prog.c
@@ -1017,8 +1017,9 @@ static int do_load(int argc, char **argv)
err_close_obj:
bpf_object__close(obj);
err_free_reuse_maps:
- for (i = 0; i < old_map_fds; i++)
- close(map_replace[i].fd);
+ if (map_replace)
+ for (i = 0; i < old_map_fds; i++)
+ close(map_replace[i].fd);
free(map_replace);
return -1;
}
--
2.9.5