Mirror of the gdb-patches mailing list
* [RFA] Fix memory leak in gdbserver/hostio.c
@ 2011-02-27  0:40 Michael Snyder
  2011-02-27 17:10 ` Pedro Alves
  0 siblings, 1 reply; 6+ messages in thread
From: Michael Snyder @ 2011-02-27  0:40 UTC (permalink / raw)
  To: gdb-patches; +Cc: drow

[-- Attachment #1: Type: text/plain, Size: 20 bytes --]

Found by coverity.


[-- Attachment #2: hostio.txt --]
[-- Type: text/plain, Size: 610 bytes --]

2011-02-26  Michael Snyder  <msnyder@vmware.com>

	* hostio.c (handle_pwrite): Free alloced buffer on early return.

Index: hostio.c
===================================================================
RCS file: /cvs/src/src/gdb/gdbserver/hostio.c,v
retrieving revision 1.11
diff -u -p -u -p -r1.11 hostio.c
--- hostio.c	1 Jan 2011 15:33:24 -0000	1.11
+++ hostio.c	27 Feb 2011 00:27:20 -0000
@@ -367,6 +367,7 @@ handle_pwrite (char *own_buf, int packet
       || require_data (p, packet_len - (p - own_buf), &data, &len))
     {
       hostio_packet_error (own_buf);
+      free (data);
       return;
     }
 
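Review bot: The added `free (data);` in the error branch runs for every failing predicate in the `||` chain, not only for `require_data`, so when an earlier predicate short-circuits, `require_data` has never written `data` and `free` receives whatever the variable held. Unless `data` is initialized to NULL at its declaration (not visible in this hunk), either add that initialization or release the buffer inside `require_data` on its own error return so callers have nothing to clean up.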


* Re: [RFA] Fix memory leak in gdbserver/hostio.c
  2011-02-27  0:40 [RFA] Fix memory leak in gdbserver/hostio.c Michael Snyder
@ 2011-02-27 17:10 ` Pedro Alves
  2011-02-27 21:57   ` Michael Snyder
  0 siblings, 1 reply; 6+ messages in thread
From: Pedro Alves @ 2011-02-27 17:10 UTC (permalink / raw)
  To: gdb-patches; +Cc: Michael Snyder, drow

On Sunday 27 February 2011 00:30:38, Michael Snyder wrote:
> Found by coverity.

Do you try running coverity on your patches?

> @@ -367,6 +367,7 @@ handle_pwrite (char *own_buf, int packet
>        || require_data (p, packet_len - (p - own_buf), &data, &len))
>      {
>        hostio_packet_error (own_buf);
> +      free (data);
>        return;
>      }

This is wrong.  If any predicate other than require_data in if above
returned true, then you'll be freeing a garbage pointer.  I'd
fix this in require_data ... just free the output buffer when
returning error, so the callers never have to.

-- 
Pedro Alves



* Re: [RFA] Fix memory leak in gdbserver/hostio.c
  2011-02-27 17:10 ` Pedro Alves
@ 2011-02-27 21:57   ` Michael Snyder
  2011-02-27 23:29     ` Pedro Alves
  2011-02-28  4:39     ` [commit] Compilation regression [Re: [RFA] Fix memory leak in gdbserver/hostio.c] Jan Kratochvil
  0 siblings, 2 replies; 6+ messages in thread
From: Michael Snyder @ 2011-02-27 21:57 UTC (permalink / raw)
  To: Pedro Alves; +Cc: gdb-patches, drow

[-- Attachment #1: Type: text/plain, Size: 657 bytes --]

Pedro Alves wrote:
> On Sunday 27 February 2011 00:30:38, Michael Snyder wrote:
>> Found by coverity.
> 
> Do you try running coverity on your patches?
> 
>> @@ -367,6 +367,7 @@ handle_pwrite (char *own_buf, int packet
>>        || require_data (p, packet_len - (p - own_buf), &data, &len))
>>      {
>>        hostio_packet_error (own_buf);
>> +      free (data);
>>        return;
>>      }
> 
> This is wrong.  If any predicate other than require_data in if above
> returned true, then you'll be freeing a garbage pointer.  I'd
> fix this in require_data ... just free the output buffer when
> returning error, so the callers never have to.

Like this?


[-- Attachment #2: hostio2.txt --]
[-- Type: text/plain, Size: 597 bytes --]

2011-02-27  Michael Snyder  <msnyder@vmware.com>

	* hostio.c (require_data): Free malloc memory before returning
	error.

Index: hostio.c
===================================================================
RCS file: /cvs/src/src/gdb/gdbserver/hostio.c,v
retrieving revision 1.11
diff -u -p -u -p -r1.11 hostio.c
--- hostio.c	1 Jan 2011 15:33:24 -0000	1.11
+++ hostio.c	27 Feb 2011 21:48:00 -0000
@@ -134,7 +134,10 @@ require_data (char *p, int p_len, char *
     }
 
   if (escaped)
-    return -1;
+    {
+      xfree (data);
+      return -1;
+    }
 
   *data_len = output_index;
   return 0;
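
Review bot: `xfree (data);` in the new `if (escaped)` block passes the parameter itself, but the caller in `handle_pwrite` passes `&data`, so inside `require_data` the allocated buffer is `*data`, and that is what should be released. Also confirm that `xfree` is declared for gdbserver builds; the first version of this fix used plain `free` in the same file. Setting `*data = NULL` after the release would keep the caller from seeing a stale pointer.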


* Re: [RFA] Fix memory leak in gdbserver/hostio.c
  2011-02-27 21:57   ` Michael Snyder
@ 2011-02-27 23:29     ` Pedro Alves
  2011-02-28  4:39     ` [commit] Compilation regression [Re: [RFA] Fix memory leak in gdbserver/hostio.c] Jan Kratochvil
  1 sibling, 0 replies; 6+ messages in thread
From: Pedro Alves @ 2011-02-27 23:29 UTC (permalink / raw)
  To: Michael Snyder; +Cc: gdb-patches, drow

On Sunday 27 February 2011 21:50:11, Michael Snyder wrote:
> Pedro Alves wrote:
> > This is wrong.  If any predicate other than require_data in if above
> > returned true, then you'll be freeing a garbage pointer.  I'd
> > fix this in require_data ... just free the output buffer when
> > returning error, so the callers never have to.
> 
> Like this?

Yes, thanks.

-- 
Pedro Alves



* [commit] Compilation regression  [Re: [RFA] Fix memory leak in gdbserver/hostio.c]
  2011-02-27 21:57   ` Michael Snyder
  2011-02-27 23:29     ` Pedro Alves
@ 2011-02-28  4:39     ` Jan Kratochvil
  2011-02-28 16:00       ` Ulrich Weigand
  1 sibling, 1 reply; 6+ messages in thread
From: Jan Kratochvil @ 2011-02-28  4:39 UTC (permalink / raw)
  To: Michael Snyder; +Cc: Pedro Alves, gdb-patches, drow

On Sun, 27 Feb 2011 22:50:11 +0100, Michael Snyder wrote:
> 2011-02-27  Michael Snyder  <msnyder@vmware.com>
> 
> 	* hostio.c (require_data): Free malloc memory before returning
> 	error.
> 
> --- hostio.c	1 Jan 2011 15:33:24 -0000	1.11
> +++ hostio.c	27 Feb 2011 21:48:00 -0000
> @@ -134,7 +134,10 @@ require_data (char *p, int p_len, char *
> +      xfree (data);

 = http://sourceware.org/ml/gdb-cvs/2011-02/msg00220.html

hostio.c: In function ‘require_data’:
hostio.c:138:7: error: implicit declaration of function ‘xfree’ [-Werror=implicit-function-declaration]
cc1: all warnings being treated as errors
make: *** [hostio.o] Error 1

It could not build as -Werror is there by default, could it?

Checked in the fix.


Regards,
Jan


http://sourceware.org/ml/gdb-cvs/2011-02/msg00227.html

--- src/gdb/gdbserver/ChangeLog	2011/02/28 01:46:50	1.459
+++ src/gdb/gdbserver/ChangeLog	2011/02/28 04:20:29	1.460
@@ -1,3 +1,7 @@
+2011-02-28  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	* hostio.c (require_data): Use free, not xfree.
+
 2011-02-27  Michael Snyder  <msnyder@vmware.com>
 
 	* server.c (handle_query): Discard unused value.
--- src/gdb/gdbserver/hostio.c	2011/02/27 23:32:04	1.12
+++ src/gdb/gdbserver/hostio.c	2011/02/28 04:20:30	1.13
@@ -135,7 +135,7 @@
 
   if (escaped)
     {
-      xfree (data);
+      free (data);
       return -1;
     }
 
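Review bot: The replacement line `free (data);` in `hostio.c` resolves the undeclared `xfree` but still frees the `data` parameter rather than the buffer it points to. Callers pass `&data`, so the argument here should be `*data`; as written, `free` is handed the address of the caller's pointer variable.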



* Re: [commit] Compilation regression  [Re: [RFA] Fix memory leak in gdbserver/hostio.c]
  2011-02-28  4:39     ` [commit] Compilation regression [Re: [RFA] Fix memory leak in gdbserver/hostio.c] Jan Kratochvil
@ 2011-02-28 16:00       ` Ulrich Weigand
  0 siblings, 0 replies; 6+ messages in thread
From: Ulrich Weigand @ 2011-02-28 16:00 UTC (permalink / raw)
  To: Jan Kratochvil; +Cc: Michael Snyder, Pedro Alves, gdb-patches, drow

Jan Kratochvil wrote:
> On Sun, 27 Feb 2011 22:50:11 +0100, Michael Snyder wrote:
> > 2011-02-27  Michael Snyder  <msnyder@vmware.com>
> > 
> > 	* hostio.c (require_data): Free malloc memory before returning
> > 	error.
> > 
> > --- hostio.c	1 Jan 2011 15:33:24 -0000	1.11
> > +++ hostio.c	27 Feb 2011 21:48:00 -0000
> > @@ -134,7 +134,10 @@ require_data (char *p, int p_len, char *
> > +      xfree (data);
> 
>  = http://sourceware.org/ml/gdb-cvs/2011-02/msg00220.html
> 
> hostio.c: In function ‘require_data’:
> hostio.c:138:7: error: implicit declaration of function ‘xfree’ [-Werror=implicit-function-declaration]
> cc1: all warnings being treated as errors
> make: *** [hostio.o] Error 1
> 
> It could not build as -Werror is there by default, could it?
> 
> Checked in the fix.

Actually, this is still broken:

/home/uweigand/fsf/gdb-head/gdb/gdbserver/hostio.c:138: error: attempt to free a non-heap object 'data'

The allocated object is *data, not data (data is of type char ** here).

Checked in the following fix.

Bye,
Ulrich

ChangeLog:

	* hostio.c (require_data): Free *data, not data.

Index: gdb/gdbserver/hostio.c
===================================================================
RCS file: /cvs/src/src/gdb/gdbserver/hostio.c,v
retrieving revision 1.13
diff -u -p -r1.13 hostio.c
--- gdb/gdbserver/hostio.c	28 Feb 2011 04:20:30 -0000	1.13
+++ gdb/gdbserver/hostio.c	28 Feb 2011 15:38:59 -0000
@@ -135,7 +135,7 @@ require_data (char *p, int p_len, char *
 
   if (escaped)
     {
-      free (data);
+      free (*data);
       return -1;
     }
 
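Review bot: After `free (*data);` the error path returns with `*data` still holding the freed address, so a caller that also cleans up on failure (as the first version of this fix did with `free (data)` in `handle_pwrite`) would double-free. Add `*data = NULL;` before `return -1;`, and state in the function comment that `require_data` releases the buffer itself on error.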

-- 
  Dr. Ulrich Weigand
  GNU Toolchain for Linux on System z and Cell BE
  Ulrich.Weigand@de.ibm.com
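
The ownership rule this thread converges on (the callee releases its own buffer on error, and frees `*data` rather than `data`), as an added example that is not gdbserver's code. The names `decode_escaped` and `write_request` are hypothetical, and the `}` / XOR 0x20 escape scheme is an assumption modelled on the `escaped` flag visible in the hunks.

```c
#include <stdlib.h>

/* Hypothetical decoder in the shape of require_data: '}' escapes the next
   byte (stored XOR 0x20).  On success *data owns a malloc'd buffer; on
   error the buffer is already released and *data is NULL.  */
static int
decode_escaped (const char *p, int p_len, char **data, int *data_len)
{
  int in, out = 0, escaped = 0;
  char *buf;
  *data = NULL;
  *data_len = 0;
  if (p_len < 0 || (buf = malloc ((size_t) p_len + 1)) == NULL)
    return -1;
  for (in = 0; in < p_len; in++)
    if (!escaped && p[in] == '}')
      escaped = 1;
    else
      {
        buf[out++] = escaped ? p[in] ^ 0x20 : p[in];
        escaped = 0;
      }
  if (escaped)                  /* Input ended in the middle of an escape.  */
    {
      free (buf);               /* The buffer itself, not the char ** slot.  */
      return -1;
    }
  *data = buf;
  *data_len = out;
  return 0;
}

/* Caller in the shape of handle_pwrite: an earlier check can short-circuit
   before the decoder runs, so data starts as NULL and free (NULL) is safe.  */
static int
write_request (int header_ok, const char *p, int p_len)
{
  char *data = NULL;
  int len = 0, ret = -1;
  if (header_ok && decode_escaped (p, p_len, &data, &len) == 0)
    ret = len;
  free (data);                  /* One release point for every path.  */
  return ret;
}

int main (void)
{
  return write_request (1, "a}", 2) == -1 ? 0 : 1;  /* Constructed input.  */
}
```

Building this with `-fsanitize=address` reports a leak or an invalid free if either release is moved or pointed at the wrong object.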

