* [PATCH] fs: Fix memory leak in mount() @ 2018-01-26 19:42 Sascha Hauer 2018-01-26 21:10 ` Sam Ravnborg 0 siblings, 1 reply; 4+ messages in thread From: Sascha Hauer @ 2018-01-26 19:42 UTC (permalink / raw) To: Barebox List "path" is allocated by normalise_path() and thus must be freed. This was done in the error path, but not in the success path. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> --- fs/fs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/fs.c b/fs/fs.c index 6f15e93ba9..7d0d97906d 100644 --- a/fs/fs.c +++ b/fs/fs.c @@ -1392,6 +1392,8 @@ int mount(const char *device, const char *fsname, const char *_path, fsdev_set_linux_rootarg(fsdev, str); } + free(path); + return 0; err_no_driver: -- 2.15.1 _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] fs: Fix memory leak in mount() 2018-01-26 19:42 [PATCH] fs: Fix memory leak in mount() Sascha Hauer @ 2018-01-26 21:10 ` Sam Ravnborg 2018-01-29 7:24 ` Sascha Hauer 0 siblings, 1 reply; 4+ messages in thread From: Sam Ravnborg @ 2018-01-26 21:10 UTC (permalink / raw) To: Sascha Hauer; +Cc: Barebox List Hi Sasha. On Fri, Jan 26, 2018 at 08:42:27PM +0100, Sascha Hauer wrote: > "path" is allocated by normalise_path() and thus must be > freed. This was done in the error path, but not in the success > path. > > Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> > --- > fs/fs.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/fs/fs.c b/fs/fs.c > index 6f15e93ba9..7d0d97906d 100644 > --- a/fs/fs.c > +++ b/fs/fs.c > @@ -1392,6 +1392,8 @@ int mount(const char *device, const char *fsname, const char *_path, > fsdev_set_linux_rootarg(fsdev, str); > } > > + free(path); > + > return 0; > > err_no_driver: An out: label so we only called free once was also an option. Both patterns are used in this file - so either should be OK. While browsing this file I think there is a few similar cases involving normalise_path(): automount_remove() path is assigned, but never freed. automount_add() am is allocated, but not freed if we return -ENOTDIR. And thus all of path, cmd, and am is leaked I also noticed: opendir() No check for PTR_ERR after calling canonalize_path() unlink() No check for PTR_ERR after call to canonalize_dir() readlink() No check for PTR_ERR after call to canonalize_dir() I can create patch for these - but I cannot do any thrustworthy testing. And for the canonalize() I am uncertain if the check is requied. Let me know your preference and I will take care. Sam _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] fs: Fix memory leak in mount() 2018-01-26 21:10 ` Sam Ravnborg @ 2018-01-29 7:24 ` Sascha Hauer 2018-01-29 19:05 ` Sam Ravnborg 0 siblings, 1 reply; 4+ messages in thread From: Sascha Hauer @ 2018-01-29 7:24 UTC (permalink / raw) To: Sam Ravnborg; +Cc: Barebox List Hi Sam, On Fri, Jan 26, 2018 at 10:10:25PM +0100, Sam Ravnborg wrote: > Hi Sasha. > > On Fri, Jan 26, 2018 at 08:42:27PM +0100, Sascha Hauer wrote: > > "path" is allocated by normalise_path() and thus must be > > freed. This was done in the error path, but not in the success > > path. > > > > Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> > > --- > > fs/fs.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/fs/fs.c b/fs/fs.c > > index 6f15e93ba9..7d0d97906d 100644 > > --- a/fs/fs.c > > +++ b/fs/fs.c > > @@ -1392,6 +1392,8 @@ int mount(const char *device, const char *fsname, const char *_path, > > fsdev_set_linux_rootarg(fsdev, str); > > } > > > > + free(path); > > + > > return 0; > > > > err_no_driver: > An out: label so we only called free once was also an option. > Both patterns are used in this file - so either should be OK. > > > While browsing this file I think there is a few similar > cases involving normalise_path(): > > automount_remove() > path is assigned, but never freed. > > automount_add() > am is allocated, but not freed if we return -ENOTDIR. And thus all of path, cmd, and am is leaked > > > I also noticed: > opendir() > No check for PTR_ERR after calling canonalize_path() > > unlink() > No check for PTR_ERR after call to canonalize_dir() > > readlink() > No check for PTR_ERR after call to canonalize_dir() Yes, the result should be checked. > > I can create patch for these - but I cannot do any thrustworthy testing. > And for the canonalize() I am uncertain if the check is requied. > Let me know your preference and I will take care. Patches would be very welcomed. Thanks Sam. Sascha -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] fs: Fix memory leak in mount() 2018-01-29 7:24 ` Sascha Hauer @ 2018-01-29 19:05 ` Sam Ravnborg 0 siblings, 0 replies; 4+ messages in thread From: Sam Ravnborg @ 2018-01-29 19:05 UTC (permalink / raw) To: Sascha Hauer; +Cc: Barebox List Hi Sasha. ... > > No check for PTR_ERR after calling canonalize_path() > > > > unlink() > > No check for PTR_ERR after call to canonalize_dir() > > > > readlink() > > No check for PTR_ERR after call to canonalize_dir() > > Yes, the result should be checked. > > > > > I can create patch for these - but I cannot do any thrustworthy testing. > > And for the canonalize() I am uncertain if the check is requied. > > Let me know your preference and I will take care. > > Patches would be very welcomed. Thanks Sam. Thanks for the confirmation. Will get back to this in a few weeks. Heading for vacation in a few days, so not time right now. Sam _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-01-29 19:06 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-01-26 19:42 [PATCH] fs: Fix memory leak in mount() Sascha Hauer 2018-01-26 21:10 ` Sam Ravnborg 2018-01-29 7:24 ` Sascha Hauer 2018-01-29 19:05 ` Sam Ravnborg
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox