NetBSD-Bugs archive
lib/38677: memory leak in getnetnamadr.c
>Number: 38677
>Category: lib
>Synopsis: memory leak in getnetnamadr.c
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat May 17 13:00:00 +0000 2008
>Originator: B K
>Release: current
>Organization:
home
>Environment:
NetBSD new-host-2 4.99.60 NetBSD 4.99.60 (ZZZZ) #1: Sat Apr 19 08:46:10 PDT
2008 root@new-host-2:/usr/obj/sys/arch/i386/compile/ZZZZ i386
>Description:
Memleak found via code inspection.
Also noticed some code in getaddrinfo.c that could be made more robust* and
cleaner by coalescing some memory allocation.
*as long as a single 128kb allocation is more likely to succeed than 2 separate
64kb allocations. As I write this, I wonder if the getnetnamadr leak ever gets
triggered since a 64kb leak would be hard to miss.
>How-To-Repeat:
N/A --> strictly from code inspection
>Fix:
Lightly-tested diff follows:
Index: getaddrinfo.c
===================================================================
RCS file: /cvsroot/src/lib/libc/net/getaddrinfo.c,v
retrieving revision 1.91
diff -d -u -r1.91 getaddrinfo.c
--- getaddrinfo.c 19 Apr 2008 07:56:34 -0000 1.91
+++ getaddrinfo.c 17 May 2008 06:08:18 -0000
@@ -1285,17 +1285,12 @@
memset(&sentinel, 0, sizeof(sentinel));
cur = &sentinel;
- buf = malloc(sizeof(*buf));
+ buf = malloc(sizeof(*buf) * 2);
if (buf == NULL) {
h_errno = NETDB_INTERNAL;
return NS_NOTFOUND;
}
- buf2 = malloc(sizeof(*buf2));
- if (buf2 == NULL) {
- free(buf);
- h_errno = NETDB_INTERNAL;
- return NS_NOTFOUND;
- }
+ buf2 = buf + 1;
switch (pai->ai_family) {
case AF_UNSPEC:
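Review bot: With `buf2 = buf + 1` the second answer buffer is an interior pointer into the single allocation, so any `free(buf2)` still left in this function becomes an invalid free of a non-heap-start pointer. The later hunks remove four such calls, but the function starts and ends outside the hunks shown, so every remaining exit path should be checked against the full file. The two response buffers also become adjacent in one heap chunk, so a write past the end of the first buffer would land in the second answer rather than at an allocation boundary where allocator hardening might catch it; that is worth weighing against the stated robustness gain. I would document the ownership at the assignment with `/* buf2 lives inside buf's allocation; free only buf */`.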
@@ -1328,21 +1323,18 @@
break;
default:
free(buf);
- free(buf2);
return NS_UNAVAIL;
}
res = __res_get_state();
if (res == NULL) {
free(buf);
- free(buf2);
return NS_NOTFOUND;
}
if (res_searchN(name, &q, res) < 0) {
__res_put_state(res);
free(buf);
- free(buf2);
return NS_NOTFOUND;
}
ai = getanswer(buf, q.n, q.name, q.qtype, pai);
@@ -1357,7 +1349,6 @@
cur->ai_next = ai;
}
free(buf);
- free(buf2);
if (sentinel.ai_next == NULL) {
__res_put_state(res);
switch (h_errno) {
Index: getnetnamadr.c
===================================================================
RCS file: /cvsroot/src/lib/libc/net/getnetnamadr.c,v
retrieving revision 1.40
diff -d -u -r1.40 getnetnamadr.c
--- getnetnamadr.c 8 May 2008 13:01:42 -0000 1.40
+++ getnetnamadr.c 17 May 2008 06:08:18 -0000
@@ -343,8 +343,10 @@
return NS_NOTFOUND;
}
res = __res_get_state();
- if (res == NULL)
+ if (res == NULL) {
+ free(buf);
return NS_NOTFOUND;
+ }
anslen = res_nquery(res, qbuf, C_IN, T_PTR, buf->buf, sizeof(buf->buf));
if (anslen < 0) {
free(buf);
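Review bot: The added `free(buf)` closes this exit, but the function still releases `buf` by hand on each early return (two are visible in this hunk), which is the pattern that let the leak slip in. Routing the failure paths through one cleanup label, for example `goto out;` with `out: free(buf); return rv;`, would make any exit added later safe by construction. The `anslen < 0` branch is cut off at the end of the hunk, so whether it also hands `res` back cannot be confirmed from here; the function continues outside the hunk.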