scripts/tracepoint-update: Fix memory leak in add_string() on failure

Weigang He · rostedt · commit 361eb853c655 · 2026-01-23T13:34:45.000-05:00
When realloc() fails in add_string(), the function returns -1 but leaves *vals pointing to the previously allocated memory. This can cause memory leaks in callers like make_trace_array() that return on error without freeing the partially built array. Fix this by freeing *vals and setting it to NULL when realloc() fails. This makes the error handling self-contained in add_string() so callers don't need to handle cleanup on failure. This bug is found by my static analysis tool and my code review. Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Fixes: e30f8e6 ("tracing: Add a tracepoint verification check at build time") Link: https://patch.msgid.link/20260119114542.1714405-1-geoffreyhe2@gmail.com Signed-off-by: Weigang He <geoffreyhe2@gmail.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
diff --git a/scripts/tracepoint-update.c b/scripts/tracepoint-update.c
@@ -49,6 +49,8 @@ static int add_string(const char *str, const char ***vals, int *count)
 		array = realloc(array, sizeof(char *) * size);
 		if (!array) {
 			fprintf(stderr, "Failed memory allocation\n");
+			free(*vals);
+			*vals = NULL;
 			return -1;
 		}
 		*vals = array;

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,8 @@ static int add_string(const char str, const char *vals, int count)`
`49`	`49`	`array = realloc(array, sizeof(char ) size);`
`50`	`50`	`if (!array) {`
`51`	`51`	`fprintf(stderr, "Failed memory allocation\n");`
	`52`	`+ free(*vals);`
	`53`	`+ *vals = NULL;`
`52`	`54`	`return -1;`
`53`	`55`	`}`
`54`	`56`	`*vals = array;`