
utilities: kernelscan: fix memory leaks and a segfault

Message ID 1450264781-4726-1-git-send-email-colin.king@canonical.com
State Superseded

Commit Message

Colin Ian King Dec. 16, 2015, 11:19 a.m. UTC
From: Colin Ian King <colin.king@canonical.com>

Fix a few memory leaks found using static analysis by
clang scan-build.  Also fix a segfault caused by a
re-allocation on a token buffer that did not reset the
token pointer to a new heap buffer if a realloc() returned
an expanded buffer at a new location.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 src/utilities/kernelscan.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

Comments

Colin Ian King Dec. 16, 2015, 11:28 a.m. UTC | #1
Ignore this patch, it contained an extraneous fflush() that I left in by
mistake from an earlier debugging session.  V2 coming soon.

On 16/12/15 11:19, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
> 
> Fix a few memory leaks found using static analysis by
> clang scan-build.  Also fix a segfault caused by a
> re-allocation on a token buffer that did not reset the
> token pointer to a new heap buffer if a realloc() returned
> an expanded buffer at a new location.
> 
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
>  src/utilities/kernelscan.c | 21 ++++++++++++++++++---
>  1 file changed, 18 insertions(+), 3 deletions(-)
> 
> diff --git a/src/utilities/kernelscan.c b/src/utilities/kernelscan.c
> index 4225b88..3727dbf 100644
> --- a/src/utilities/kernelscan.c
> +++ b/src/utilities/kernelscan.c
> @@ -172,6 +172,7 @@ static void token_new(token *t)
>  	t->len = 1024;
>  	t->ptr = t->token;
>  	t->type = TOKEN_UNKNOWN;
> +	*(t->ptr) = '\0';
>  }
>  
>  /*
> @@ -189,8 +190,12 @@ static void token_clear(token *t)
>   */
>  static void token_free(token *t)
>  {
> +	fflush(stderr);
>  	free(t->token);
>  	t->token = NULL;
> +	t->ptr = NULL;
> +	t->len = 0;
> +	t->type = TOKEN_UNKNOWN;
>  }
>  
>  /*
> @@ -207,11 +212,14 @@ static void token_append(token *t, int ch)
>  		*(t->ptr) = 0;
>  	} else {
>  		/* No more space, add 1K more space */
> +		ptrdiff_t diff = t->ptr - t->token;
> +
>  		t->len += 1024;
>  		if ((t->token = realloc(t->token, t->len)) == NULL) {
>  			fprintf(stderr, "token_append: Out of memory!\n");
>  			exit(EXIT_FAILURE);
>  		}
> +		t->ptr = t->token + diff;
>  		*(t->ptr) = ch;
>  		t->ptr++;
>  		*(t->ptr) = 0;
> @@ -797,6 +805,7 @@ static int parse_kernel_message(parser *p, token *t)
>  		int ret = get_token(p, t);
>  		if (ret == EOF) {
>  			free(line);
> +			free(str);
>  			return EOF;
>  		}
>  
> @@ -810,8 +819,9 @@ static int parse_kernel_message(parser *p, token *t)
>  				} else {
>  					printf("ADD: %s\n", line);
>  				}
> -				free(line);
>  			}
> +			free(line);
> +			free(str);
>  			return PARSER_OK;
>  		}
>  
> @@ -952,16 +962,20 @@ static int parse_cpp_includes(FILE *fp)
>  		if (t.type == TOKEN_CPP) {
>  			for (;;) {
>  				token_clear(&t);
> -				if (get_token(&p, &t) == EOF)
> +				if (get_token(&p, &t) == EOF) {
> +					token_free(&t);
>  					return EOF;
> +				}
>  				if (strcmp(t.token, "\n") == 0)
>  					break;
>  				if (t.type == TOKEN_WHITE_SPACE) {
>  					continue;
>  				}
>  				if (strcmp(t.token, "include") == 0) {
> -					if (parse_cpp_include(&p, &t) == EOF)
> +					if (parse_cpp_include(&p, &t) == EOF) {
> +						token_free(&t);
>  						return EOF;
> +					}
>  					break;
>  				}
>  				printf("#%s", t.token);
> @@ -972,6 +986,7 @@ static int parse_cpp_includes(FILE *fp)
>  		}
>  		token_clear(&t);
>  	}
> +	token_free(&t);
>  	return EOF;
>  }
>  
>

Patch

diff --git a/src/utilities/kernelscan.c b/src/utilities/kernelscan.c
index 4225b88..3727dbf 100644
--- a/src/utilities/kernelscan.c
+++ b/src/utilities/kernelscan.c
@@ -172,6 +172,7 @@  static void token_new(token *t)
 	t->len = 1024;
 	t->ptr = t->token;
 	t->type = TOKEN_UNKNOWN;
+	*(t->ptr) = '\0';
 }
 
 /*
@@ -189,8 +190,12 @@  static void token_clear(token *t)
  */
 static void token_free(token *t)
 {
+	fflush(stderr);
 	free(t->token);
 	t->token = NULL;
+	t->ptr = NULL;
+	t->len = 0;
+	t->type = TOKEN_UNKNOWN;
 }
 
 /*
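Review bot: token_free() now leaves the token with `t->token` and `t->ptr` set to NULL and `t->len` set to 0, and the hunk shows no matching change to the comment block above the function (that comment starts outside the hunk). token_append() stores through `t->ptr`, so a freed token has to go through token_new() again before any further use, and that contract should be written down. I would add a line to the header comment such as `Frees the token buffer; the token must be re-initialised with token_new() before it is used again.`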
@@ -207,11 +212,14 @@  static void token_append(token *t, int ch)
 		*(t->ptr) = 0;
 	} else {
 		/* No more space, add 1K more space */
+		ptrdiff_t diff = t->ptr - t->token;
+
 		t->len += 1024;
 		if ((t->token = realloc(t->token, t->len)) == NULL) {
 			fprintf(stderr, "token_append: Out of memory!\n");
 			exit(EXIT_FAILURE);
 		}
+		t->ptr = t->token + diff;
 		*(t->ptr) = ch;
 		t->ptr++;
 		*(t->ptr) = 0;
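Review bot: `ptrdiff_t` in the new declaration at the top of the else branch is defined by `<stddef.h>`, and nothing in this patch adds that include; the file's include block is outside the hunk, so this needs checking. If it is not already pulled in, add `#include <stddef.h>` or keep the offset in a `size_t`, which `<stdlib.h>` already provides. The offset has to be taken before realloc(), because the old `t->ptr` must not be used once the buffer may have moved; a short comment such as `/* save offset first: realloc() may move the buffer */` would protect that ordering against later tidy-ups. token_append() starts and ends outside the hunk.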
@@ -797,6 +805,7 @@  static int parse_kernel_message(parser *p, token *t)
 		int ret = get_token(p, t);
 		if (ret == EOF) {
 			free(line);
+			free(str);
 			return EOF;
 		}
 
@@ -810,8 +819,9 @@  static int parse_kernel_message(parser *p, token *t)
 				} else {
 					printf("ADD: %s\n", line);
 				}
-				free(line);
 			}
+			free(line);
+			free(str);
 			return PARSER_OK;
 		}
 
@@ -952,16 +962,20 @@  static int parse_cpp_includes(FILE *fp)
 		if (t.type == TOKEN_CPP) {
 			for (;;) {
 				token_clear(&t);
-				if (get_token(&p, &t) == EOF)
+				if (get_token(&p, &t) == EOF) {
+					token_free(&t);
 					return EOF;
+				}
 				if (strcmp(t.token, "\n") == 0)
 					break;
 				if (t.type == TOKEN_WHITE_SPACE) {
 					continue;
 				}
 				if (strcmp(t.token, "include") == 0) {
-					if (parse_cpp_include(&p, &t) == EOF)
+					if (parse_cpp_include(&p, &t) == EOF) {
+						token_free(&t);
 						return EOF;
+					}
 					break;
 				}
 				printf("#%s", t.token);
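Review bot: Both early exits in the inner `for (;;)` loop now carry their own `token_free(&t)`, and the final return in the last hunk carries a third, so any exit added later has to remember the call or the leak comes back. Every visible return path yields EOF, so the two early exits could become `goto out;` with a single `out: token_free(&t); return EOF;` at the end of the function. parse_cpp_includes() starts outside this hunk, so any return paths in the unseen part should be checked for the same cleanup. The same duplication applies to the paired `free(line); free(str);` calls in the two parse_kernel_message() hunks.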
@@ -972,6 +986,7 @@  static int parse_cpp_includes(FILE *fp)
 		}
 		token_clear(&t);
 	}
+	token_free(&t);
 	return EOF;
 }