[PATCH] utilities: kernelscan: fix memory leaks and a segfault

Colin King colin.king at canonical.com
Wed Dec 16 11:19:41 UTC 2015 

From: Colin Ian King <colin.king at canonical.com>

Fix a few memory leaks found using static analysis by
clang scan-build.  Also fix a segfault caused by a
re-allocation on a token buffer that did not reset the
token pointer to a new heap buffer if a realloc() returned
an expanded buffer at a new location.

Signed-off-by: Colin Ian King <colin.king at canonical.com>
---
 src/utilities/kernelscan.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/utilities/kernelscan.c b/src/utilities/kernelscan.c
index 4225b88..3727dbf 100644
--- a/src/utilities/kernelscan.c
+++ b/src/utilities/kernelscan.c
@@ -172,6 +172,7 @@ static void token_new(token *t)
 	t->len = 1024;
 	t->ptr = t->token;
 	t->type = TOKEN_UNKNOWN;
+	*(t->ptr) = '\0';
 }
 
 /*
@@ -189,8 +190,12 @@ static void token_clear(token *t)
  */
 static void token_free(token *t)
 {
+	fflush(stderr);
 	free(t->token);
 	t->token = NULL;
+	t->ptr = NULL;
+	t->len = 0;
+	t->type = TOKEN_UNKNOWN;
 }
 
 /*
@@ -207,11 +212,14 @@ static void token_append(token *t, int ch)
 		*(t->ptr) = 0;
 	} else {
 		/* No more space, add 1K more space */
+		ptrdiff_t diff = t->ptr - t->token;
+
 		t->len += 1024;
 		if ((t->token = realloc(t->token, t->len)) == NULL) {
 			fprintf(stderr, "token_append: Out of memory!\n");
 			exit(EXIT_FAILURE);
 		}
+		t->ptr = t->token + diff;
 		*(t->ptr) = ch;
 		t->ptr++;
 		*(t->ptr) = 0;
@@ -797,6 +805,7 @@ static int parse_kernel_message(parser *p, token *t)
 		int ret = get_token(p, t);
 		if (ret == EOF) {
 			free(line);
+			free(str);
 			return EOF;
 		}
 
@@ -810,8 +819,9 @@ static int parse_kernel_message(parser *p, token *t)
 				} else {
 					printf("ADD: %s\n", line);
 				}
-				free(line);
 			}
+			free(line);
+			free(str);
 			return PARSER_OK;
 		}
 
@@ -952,16 +962,20 @@ static int parse_cpp_includes(FILE *fp)
 		if (t.type == TOKEN_CPP) {
 			for (;;) {
 				token_clear(&t);
-				if (get_token(&p, &t) == EOF)
+				if (get_token(&p, &t) == EOF) {
+					token_free(&t);
 					return EOF;
+				}
 				if (strcmp(t.token, "\n") == 0)
 					break;
 				if (t.type == TOKEN_WHITE_SPACE) {
 					continue;
 				}
 				if (strcmp(t.token, "include") == 0) {
-					if (parse_cpp_include(&p, &t) == EOF)
+					if (parse_cpp_include(&p, &t) == EOF) {
+						token_free(&t);
 						return EOF;
+					}
 					break;
 				}
 				printf("#%s", t.token);
@@ -972,6 +986,7 @@ static int parse_cpp_includes(FILE *fp)
 		}
 		token_clear(&t);
 	}
+	token_free(&t);
 	return EOF;
 }
 
-- 
2.6.4

More information about the fwts-devel mailing list