Re: [PATCH] tools: Fix realloc() use in fdarray__grow()

From: Jiri Olsa
Date: Mon Mar 02 2020 - 07:58:44 EST


On Sat, Feb 29, 2020 at 05:26:07PM +0100, Jann Horn wrote:
> If `entries != NULL`, then `fda->entries` has been freed, so whatever
> happens afterwards, we must store `entries` in `fda->entries`.
> If we bail out at the second realloc(), the new allocation will be bigger
> than what fda->nr_alloc says, but that's fine.
>
> Fixes: 2171a9256862 ("tools lib fd array: Allow associating an integer cookie with each entry")
> Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>
> ---
> To the maintainer:
> I'm not sure about the etiquette for using CC stable in
> patches for somewhat theoretical issues in userland tools;
> feel free to tack a CC stable onto this if you think it
> should go into stable.
>
> tools/lib/api/fd/array.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/tools/lib/api/fd/array.c b/tools/lib/api/fd/array.c
> index 58d44d5eee31..acf8eca1a94a 100644
> --- a/tools/lib/api/fd/array.c
> +++ b/tools/lib/api/fd/array.c
> @@ -27,15 +27,13 @@ int fdarray__grow(struct fdarray *fda, int nr)
>
> if (entries == NULL)
> return -ENOMEM;
> + fda->entries = entries;
>
> priv = realloc(fda->priv, psize);
> - if (priv == NULL) {
> - free(entries);

so we are sure we always call fdarray__exit even
if we fail in here? if that's the case then

Acked-by: Jiri Olsa <jolsa@xxxxxxxxxx>

thanks,
jirka

> + if (priv == NULL)
> return -ENOMEM;
> - }
>
> fda->nr_alloc = nr_alloc;
> - fda->entries = entries;
> fda->priv = priv;
> return 0;
> }
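Review bot: the new `fda->entries = entries;` line ahead of the second realloc() is load-bearing, yet nothing in the code says so. A later cleanup could move it back beside `fda->nr_alloc = nr_alloc;` and bring back the stale pointer on the `priv == NULL` return. A one-line comment at that assignment would record the invariant the commit message describes: a successful realloc() may already have freed the old `fda->entries`, and on the error path the array can be larger than `fda->nr_alloc` says.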
> --
> 2.25.0
>
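The failure path that the commit message and the fdarray__exit question above turn on, as an added example (not code from the patch or from tools/lib/api). `pair_array`, `xrealloc` and the fault-injection counters are hypothetical names; the test forces the second realloc to fail and checks that the array is still valid and can be freed exactly once.

```c
#include <errno.h>
#include <stdlib.h>

/* Hypothetical stand-in for struct fdarray: two arrays, one capacity. */
struct pair_array { int nr_alloc; int *entries; long *priv; };
/* Constructed fault injector: fail the Nth xrealloc() call (0 = never). */
static int fail_on_call, call_count;

static void *xrealloc(void *p, size_t size)
{
	if (fail_on_call && ++call_count == fail_on_call)
		return NULL;	/* like realloc(): the old block stays valid */
	return realloc(p, size);
}

static int pair_array_grow(struct pair_array *pa, int nr)
{
	int nr_alloc = pa->nr_alloc + nr;
	int *entries = xrealloc(pa->entries, sizeof(*entries) * nr_alloc);
	long *priv;
	if (entries == NULL)
		return -ENOMEM;
	pa->entries = entries;	/* old block may be gone: store it right away */
	priv = xrealloc(pa->priv, sizeof(*priv) * nr_alloc);
	if (priv == NULL)
		return -ENOMEM;	/* entries now exceeds nr_alloc; harmless */
	pa->nr_alloc = nr_alloc;
	pa->priv = priv;
	return 0;
}

/* Returns 1 if the array is intact after the second realloc fails. */
static int survives_second_realloc_failure(void)
{
	struct pair_array pa = { 0, NULL, NULL };
	int ret, ok;
	if (pair_array_grow(&pa, 4) != 0)
		return 0;
	pa.entries[3] = 42;
	call_count = 0;
	fail_on_call = 2;	/* first realloc succeeds, second fails */
	ret = pair_array_grow(&pa, 1024);
	fail_on_call = 0;
	ok = ret == -ENOMEM && pa.nr_alloc == 4 && pa.entries[3] == 42;
	free(pa.entries);	/* the cleanup an exit routine would do */
	free(pa.priv);
	return ok;
}

int main(void) { return survives_second_realloc_failure() ? 0 : 1; }
```

Building it with `-fsanitize=address` makes the check stricter: any read through a stale pointer or double free on the error path is reported at run time.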