* [RFA] Fix memory leak in gdbserver/hostio.c
From: Michael Snyder @ 2011-02-27 0:40 UTC (permalink / raw)
To: gdb-patches; +Cc: drow
[-- Attachment #1: Type: text/plain, Size: 20 bytes --]
Found by coverity.
[-- Attachment #2: hostio.txt --]
[-- Type: text/plain, Size: 610 bytes --]
2011-02-26 Michael Snyder <msnyder@vmware.com>
* hostio.c (handle_pwrite): Free alloced buffer on early return.
Index: hostio.c
===================================================================
RCS file: /cvs/src/src/gdb/gdbserver/hostio.c,v
retrieving revision 1.11
diff -u -p -u -p -r1.11 hostio.c
--- hostio.c 1 Jan 2011 15:33:24 -0000 1.11
+++ hostio.c 27 Feb 2011 00:27:20 -0000
@@ -367,6 +367,7 @@ handle_pwrite (char *own_buf, int packet
|| require_data (p, packet_len - (p - own_buf), &data, &len))
{
hostio_packet_error (own_buf);
+ free (data);
return;
}
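Review bot: the added free (data) runs whenever any operand of the || chain is true, not only when require_data fails. The leading || on the first context line shows that other checks are evaluated before require_data; if one of them short-circuits, require_data never writes data and this call frees whatever value the variable happened to hold. Either initialise data to NULL where it is declared (not visible in this hunk) or have require_data release its own buffer on failure so that no caller has to.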
* Re: [RFA] Fix memory leak in gdbserver/hostio.c
From: Pedro Alves @ 2011-02-27 17:10 UTC (permalink / raw)
To: gdb-patches; +Cc: Michael Snyder, drow
On Sunday 27 February 2011 00:30:38, Michael Snyder wrote:
> Found by coverity.
Do you try running coverity on your patches?
> @@ -367,6 +367,7 @@ handle_pwrite (char *own_buf, int packet
> || require_data (p, packet_len - (p - own_buf), &data, &len))
> {
> hostio_packet_error (own_buf);
> + free (data);
> return;
> }
This is wrong. If any predicate other than require_data in if above
returned true, then you'll be freeing a garbage pointer. I'd
fix this in require_data ... just free the output buffer when
returning error, so the callers never have to.
--
Pedro Alves
* Re: [RFA] Fix memory leak in gdbserver/hostio.c
From: Michael Snyder @ 2011-02-27 21:57 UTC (permalink / raw)
To: Pedro Alves; +Cc: gdb-patches, drow
[-- Attachment #1: Type: text/plain, Size: 657 bytes --]
Pedro Alves wrote:
> On Sunday 27 February 2011 00:30:38, Michael Snyder wrote:
>> Found by coverity.
>
> Do you try running coverity on your patches?
>
>> @@ -367,6 +367,7 @@ handle_pwrite (char *own_buf, int packet
>> || require_data (p, packet_len - (p - own_buf), &data, &len))
>> {
>> hostio_packet_error (own_buf);
>> + free (data);
>> return;
>> }
>
> This is wrong. If any predicate other than require_data in if above
> returned true, then you'll be freeing a garbage pointer. I'd
> fix this in require_data ... just free the output buffer when
> returning error, so the callers never have to.
Like this?
[-- Attachment #2: hostio2.txt --]
[-- Type: text/plain, Size: 597 bytes --]
2011-02-27 Michael Snyder <msnyder@vmware.com>
* hostio.c (require_data): Free malloc memory before returning
error.
Index: hostio.c
===================================================================
RCS file: /cvs/src/src/gdb/gdbserver/hostio.c,v
retrieving revision 1.11
diff -u -p -u -p -r1.11 hostio.c
--- hostio.c 1 Jan 2011 15:33:24 -0000 1.11
+++ hostio.c 27 Feb 2011 21:48:00 -0000
@@ -134,7 +134,10 @@ require_data (char *p, int p_len, char *
}
if (escaped)
- return -1;
+ {
+ xfree (data);
+ return -1;
+ }
*data_len = output_index;
return 0;
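Review bot: xfree (data) in the if (escaped) branch passes the parameter itself rather than the buffer it refers to. The caller shown in the first patch passes &data, and this function returns its other result through *data_len, so data here is the address of the caller's pointer and the allocation to release is *data. Suggest free (*data); followed by *data = NULL; so the caller is not left holding a freed address, and a compile of hostio.c before commit to confirm the deallocator used is declared in gdbserver.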
* Re: [RFA] Fix memory leak in gdbserver/hostio.c
From: Pedro Alves @ 2011-02-27 23:29 UTC (permalink / raw)
To: Michael Snyder; +Cc: gdb-patches, drow
On Sunday 27 February 2011 21:50:11, Michael Snyder wrote:
> Pedro Alves wrote:
> > This is wrong. If any predicate other than require_data in if above
> > returned true, then you'll be freeing a garbage pointer. I'd
> > fix this in require_data ... just free the output buffer when
> > returning error, so the callers never have to.
>
> Like this?
Yes, thanks.
--
Pedro Alves
* [commit] Compilation regression [Re: [RFA] Fix memory leak in gdbserver/hostio.c]
From: Jan Kratochvil @ 2011-02-28 4:39 UTC (permalink / raw)
To: Michael Snyder; +Cc: Pedro Alves, gdb-patches, drow
On Sun, 27 Feb 2011 22:50:11 +0100, Michael Snyder wrote:
> 2011-02-27 Michael Snyder <msnyder@vmware.com>
>
> * hostio.c (require_data): Free malloc memory before returning
> error.
>
> --- hostio.c 1 Jan 2011 15:33:24 -0000 1.11
> +++ hostio.c 27 Feb 2011 21:48:00 -0000
> @@ -134,7 +134,10 @@ require_data (char *p, int p_len, char *
> + xfree (data);
= http://sourceware.org/ml/gdb-cvs/2011-02/msg00220.html
hostio.c: In function ‘require_data’:
hostio.c:138:7: error: implicit declaration of function ‘xfree’ [-Werror=implicit-function-declaration]
cc1: all warnings being treated as errors
make: *** [hostio.o] Error 1
It could not build as -Werror is there by default, could it?
Checked in the fix.
Regards,
Jan
http://sourceware.org/ml/gdb-cvs/2011-02/msg00227.html
--- src/gdb/gdbserver/ChangeLog 2011/02/28 01:46:50 1.459
+++ src/gdb/gdbserver/ChangeLog 2011/02/28 04:20:29 1.460
@@ -1,3 +1,7 @@
+2011-02-28 Jan Kratochvil <jan.kratochvil@redhat.com>
+
+ * hostio.c (require_data): Use free, not xfree.
+
2011-02-27 Michael Snyder <msnyder@vmware.com>
* server.c (handle_query): Discard unused value.
--- src/gdb/gdbserver/hostio.c 2011/02/27 23:32:04 1.12
+++ src/gdb/gdbserver/hostio.c 2011/02/28 04:20:30 1.13
@@ -135,7 +135,7 @@
if (escaped)
{
- xfree (data);
+ free (data);
return -1;
}
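Review bot: free (data) in the if (escaped) branch still releases the wrong object; only the function name changed on this line. data is the out-parameter through which the buffer is handed back to the caller, so the heap allocation is *data, and freeing data passes the address of the caller's variable to free. Suggest free (*data); here.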
* Re: [commit] Compilation regression [Re: [RFA] Fix memory leak in gdbserver/hostio.c]
From: Ulrich Weigand @ 2011-02-28 16:00 UTC (permalink / raw)
To: Jan Kratochvil; +Cc: Michael Snyder, Pedro Alves, gdb-patches, drow
Jan Kratochvil wrote:
> On Sun, 27 Feb 2011 22:50:11 +0100, Michael Snyder wrote:
> > 2011-02-27 Michael Snyder <msnyder@vmware.com>
> >
> > * hostio.c (require_data): Free malloc memory before returning
> > error.
> >
> > --- hostio.c 1 Jan 2011 15:33:24 -0000 1.11
> > +++ hostio.c 27 Feb 2011 21:48:00 -0000
> > @@ -134,7 +134,10 @@ require_data (char *p, int p_len, char *
> > + xfree (data);
>
> = http://sourceware.org/ml/gdb-cvs/2011-02/msg00220.html
>
> hostio.c: In function ‘require_data’:
> hostio.c:138:7: error: implicit declaration of function ‘xfree’ [-Werror=implicit-function-declaration]
> cc1: all warnings being treated as errors
> make: *** [hostio.o] Error 1
>
> It could not build as -Werror is there by default, could it?
>
> Checked in the fix.
Actually, this is still broken:
/home/uweigand/fsf/gdb-head/gdb/gdbserver/hostio.c:138: error: attempt to free a non-heap object 'data'
The allocated object is *data, not data (data is of type char ** here).
Checked in the following fix.
Bye,
Ulrich
ChangeLog:
* hostio.c (require_data): Free *data, not data.
Index: gdb/gdbserver/hostio.c
===================================================================
RCS file: /cvs/src/src/gdb/gdbserver/hostio.c,v
retrieving revision 1.13
diff -u -p -r1.13 hostio.c
--- gdb/gdbserver/hostio.c 28 Feb 2011 04:20:30 -0000 1.13
+++ gdb/gdbserver/hostio.c 28 Feb 2011 15:38:59 -0000
@@ -135,7 +135,7 @@ require_data (char *p, int p_len, char *
if (escaped)
{
- free (data);
+ free (*data);
return -1;
}
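Review bot: after free (*data) in the if (escaped) branch, *data still holds the freed address when -1 is returned. A caller that releases its buffer on its own error path, as the first patch in this thread did with free (data) in handle_pwrite, would then free the same block twice. Add *data = NULL; after the free so the failure contract is "nothing allocated, pointer cleared".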
--
Dr. Ulrich Weigand
GNU Toolchain for Linux on System z and Cell BE
Ulrich.Weigand@de.ibm.com
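The ownership rule this thread converges on, as an added C example (not gdbserver's code): `decode_escaped` is a simplified, hypothetical stand-in for `require_data` that undoes `}`-prefixed escapes, and on failure it frees `*data` and clears it so the caller's single `free` is always safe. `handle_write`, the `W` prefix and the sample packets are constructed for illustration.

```c
#include <stdlib.h>

/* Hypothetical stand-in for require_data: copy p[0..p_len) into a fresh
   buffer, turning each '}' + X pair into X ^ 0x20.  On success the caller
   owns *data; on failure nothing stays allocated and *data is NULL.  */
static int decode_escaped (const char *p, int p_len, char **data, int *data_len)
{
  int in, out = 0, escaped = 0;
  *data = NULL;
  *data_len = 0;
  if (p_len < 0 || (*data = malloc ((size_t) p_len + 1)) == NULL)
    return -1;
  for (in = 0; in < p_len; in++) {
    if (escaped) {
      (*data)[out++] = p[in] ^ 0x20;
      escaped = 0;
    } else if (p[in] == '}')
      escaped = 1;
    else
      (*data)[out++] = p[in];
  }
  if (escaped) {                /* packet ended in the middle of an escape */
    free (*data);               /* the allocation is *data, not data */
    *data = NULL;               /* leave no stale pointer with the caller */
    return -1;
  }
  *data_len = out;
  return 0;
}

/* Hypothetical caller: an earlier check can short-circuit before
   decode_escaped runs, so data starts as NULL and is freed exactly once.
   Returns the decoded length, or -1 on any error.  */
static int handle_write (const char *pkt, int pkt_len)
{
  char *data = NULL;
  int len = 0, result = -1;
  if (!(pkt_len < 1 || pkt[0] != 'W'
        || decode_escaped (pkt + 1, pkt_len - 1, &data, &len)))
    result = len;
  free (data);                  /* free (NULL) is a no-op */
  return result;
}

int main (void)
{
  /* Constructed packets: "Wa}]" decodes to "a}" (2 bytes); "Wa}" is truncated. */
  return (handle_write ("Wa}]", 4) == 2 && handle_write ("Wa}", 3) == -1) ? 0 : 1;
}
```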