[PATCH -tip 1/5] tracing/kprobe: Fix a memory leak in error case

From: Masami Hiramatsu
Date: Fri Aug 27 2010 - 07:37:08 EST


Fix a memory leak which happens when a field name conflicts
with others. In error case, free_trace_probe() will free all
arguments until nr_args, so this increments nr_args the
begining of the loop instead of the end.

Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@xxxxxxxxxxx>
Cc: Steven Rostedt <rostedt@xxxxxxxxxxx>
Cc: Frederic Weisbecker <fweisbec@xxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>
Cc: linux-kernel@xxxxxxxxxxxxxxx
---

kernel/trace/trace_kprobe.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
index 8b27c98..0116c03 100644
--- a/kernel/trace/trace_kprobe.c
+++ b/kernel/trace/trace_kprobe.c
@@ -992,6 +992,9 @@ static int create_trace_probe(int argc, char **argv)
/* parse arguments */
ret = 0;
for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) {
+ /* Increment count for freeing args in error case */
+ tp->nr_args++;
+
/* Parse argument name */
arg = strchr(argv[i], '=');
if (arg)
@@ -1021,11 +1024,8 @@ static int create_trace_probe(int argc, char **argv)
ret = parse_probe_arg(arg, tp, &tp->args[i], is_return);
if (ret) {
pr_info("Parse error at argument%d. (%d)\n", i, ret);
- kfree(tp->args[i].name);
goto error;
}
-
- tp->nr_args++;
}

ret = register_trace_probe(tp);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/