NACK: [PATCH] utilities: kernelscan: fix memory leaks and a segfault

Colin Ian King colin.king at canonical.com
Wed Dec 16 11:28:41 UTC 2015


Ignore this patch, it contained an extraneous fflush() that I left in by
mistake from an earlier debugging session.  V2 coming soon.

On 16/12/15 11:19, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
> 
> Fix a few memory leaks found using static analysis by
> clang scan-build.  Also fix a segfault caused by a
> re-allocation on a token buffer that did not reset the
> token pointer to a new heap buffer if a realloc() returned
> an expanded buffer at a new location.
> 
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
> ---
>  src/utilities/kernelscan.c | 21 ++++++++++++++++++---
>  1 file changed, 18 insertions(+), 3 deletions(-)
> 
> diff --git a/src/utilities/kernelscan.c b/src/utilities/kernelscan.c
> index 4225b88..3727dbf 100644
> --- a/src/utilities/kernelscan.c
> +++ b/src/utilities/kernelscan.c
> @@ -172,6 +172,7 @@ static void token_new(token *t)
>  	t->len = 1024;
>  	t->ptr = t->token;
>  	t->type = TOKEN_UNKNOWN;
> +	*(t->ptr) = '\0';
>  }
>  
>  /*
> @@ -189,8 +190,12 @@ static void token_clear(token *t)
>   */
>  static void token_free(token *t)
>  {
> +	fflush(stderr);
>  	free(t->token);
>  	t->token = NULL;
> +	t->ptr = NULL;
> +	t->len = 0;
> +	t->type = TOKEN_UNKNOWN;
>  }
>  
>  /*
> @@ -207,11 +212,14 @@ static void token_append(token *t, int ch)
>  		*(t->ptr) = 0;
>  	} else {
>  		/* No more space, add 1K more space */
> +		ptrdiff_t diff = t->ptr - t->token;
> +
>  		t->len += 1024;
>  		if ((t->token = realloc(t->token, t->len)) == NULL) {
>  			fprintf(stderr, "token_append: Out of memory!\n");
>  			exit(EXIT_FAILURE);
>  		}
> +		t->ptr = t->token + diff;
>  		*(t->ptr) = ch;
>  		t->ptr++;
>  		*(t->ptr) = 0;
> @@ -797,6 +805,7 @@ static int parse_kernel_message(parser *p, token *t)
>  		int ret = get_token(p, t);
>  		if (ret == EOF) {
>  			free(line);
> +			free(str);
>  			return EOF;
>  		}
>  
> @@ -810,8 +819,9 @@ static int parse_kernel_message(parser *p, token *t)
>  				} else {
>  					printf("ADD: %s\n", line);
>  				}
> -				free(line);
>  			}
> +			free(line);
> +			free(str);
>  			return PARSER_OK;
>  		}
>  
> @@ -952,16 +962,20 @@ static int parse_cpp_includes(FILE *fp)
>  		if (t.type == TOKEN_CPP) {
>  			for (;;) {
>  				token_clear(&t);
> -				if (get_token(&p, &t) == EOF)
> +				if (get_token(&p, &t) == EOF) {
> +					token_free(&t);
>  					return EOF;
> +				}
>  				if (strcmp(t.token, "\n") == 0)
>  					break;
>  				if (t.type == TOKEN_WHITE_SPACE) {
>  					continue;
>  				}
>  				if (strcmp(t.token, "include") == 0) {
> -					if (parse_cpp_include(&p, &t) == EOF)
> +					if (parse_cpp_include(&p, &t) == EOF) {
> +						token_free(&t);
>  						return EOF;
> +					}
>  					break;
>  				}
>  				printf("#%s", t.token);
> @@ -972,6 +986,7 @@ static int parse_cpp_includes(FILE *fp)
>  		}
>  		token_clear(&t);
>  	}
> +	token_free(&t);
>  	return EOF;
>  }
>  
> 




More information about the fwts-devel mailing list