From: Michael Snyder
Date: Sun, 27 Feb 2011 21:57:00 -0000
To: Pedro Alves
CC: "gdb-patches@sourceware.org", "drow@false.org"
Subject: Re: [RFA] Fix memory leak in gdbserver/hostio.c
Message-ID: <4D6AC713.10800@vmware.com>
In-Reply-To: <201102271705.43466.pedro@codesourcery.com>

Pedro Alves wrote:
> On Sunday 27 February 2011 00:30:38, Michael Snyder wrote:
>> Found by coverity.
>
> Do you try running coverity on your patches?
> >> @@ -367,6 +367,7 @@ handle_pwrite (char *own_buf, int packet >> || require_data (p, packet_len - (p - own_buf), &data, &len)) >> { >> hostio_packet_error (own_buf); >> + free (data); >> return; >> } > > This is wrong. If any predicate other than require_data in if above > returned true, then you'll be freeing a garbage pointer. I'd > fix this in require_data ... just free the output buffer when > returning error, so the callers never have to. Like this? --------------050203060904080300050903 Content-Type: text/plain; name="hostio2.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="hostio2.txt" Content-length: 597 2011-02-27 Michael Snyder * hostio.c (require_data): Free malloc memory before returning error. Index: hostio.c =================================================================== RCS file: /cvs/src/src/gdb/gdbserver/hostio.c,v retrieving revision 1.11 diff -u -p -u -p -r1.11 hostio.c --- hostio.c 1 Jan 2011 15:33:24 -0000 1.11 +++ hostio.c 27 Feb 2011 21:48:00 -0000 @@ -134,7 +134,10 @@ require_data (char *p, int p_len, char * } if (escaped) - return -1; + { + xfree (data); + return -1; + } *data_len = output_index; return 0; --------------050203060904080300050903--
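Review bot: In the new `if (escaped)` block of require_data, `xfree (data)` frees the parameter itself rather than the buffer it points to. The handle_pwrite caller quoted above passes `&data`, so assuming the parameter here is that `char **` out-pointer, this hands xfree the address of the caller's local variable and the allocated buffer is still leaked. The call should be `xfree (*data);`, and following it with `*data = NULL;` would leave the caller with a pointer that is safe to free or test after the error return. This version does address the earlier objection to the handle_pwrite hunk, since releasing the buffer inside require_data means the caller never frees an uninitialized pointer when one of the other predicates in the `||` chain fails first.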