| Message ID | 1450265256-8947-1-git-send-email-colin.king@canonical.com |
|---|---|
| State | Accepted |
| Headers | show |
On 2015年12月16日 19:27, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > Fix a few memory leaks found using static analysis by > clang scan-build. Also fix a segfault caused by a > re-allocation on a token buffer that did not reset the > token pointer to a new heap buffer if a realloc() returned > an expanded buffer at a new location. > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > --- > src/utilities/kernelscan.c | 20 +++++++++++++++++--- > 1 file changed, 17 insertions(+), 3 deletions(-) > > diff --git a/src/utilities/kernelscan.c b/src/utilities/kernelscan.c > index 4225b88..8674e40 100644 > --- a/src/utilities/kernelscan.c > +++ b/src/utilities/kernelscan.c > @@ -172,6 +172,7 @@ static void token_new(token *t) > t->len = 1024; > t->ptr = t->token; > t->type = TOKEN_UNKNOWN; > + *(t->ptr) = '\0'; > } > > /* > @@ -191,6 +192,9 @@ static void token_free(token *t) > { > free(t->token); > t->token = NULL; > + t->ptr = NULL; > + t->len = 0; > + t->type = TOKEN_UNKNOWN; > } > > /* > @@ -207,11 +211,14 @@ static void token_append(token *t, int ch) > *(t->ptr) = 0; > } else { > /* No more space, add 1K more space */ > + ptrdiff_t diff = t->ptr - t->token; > + > t->len += 1024; > if ((t->token = realloc(t->token, t->len)) == NULL) { > fprintf(stderr, "token_append: Out of memory!\n"); > exit(EXIT_FAILURE); > } > + t->ptr = t->token + diff; > *(t->ptr) = ch; > t->ptr++; > *(t->ptr) = 0; > @@ -797,6 +804,7 @@ static int parse_kernel_message(parser *p, token *t) > int ret = get_token(p, t); > if (ret == EOF) { > free(line); > + free(str); > return EOF; > } > > @@ -810,8 +818,9 @@ static int parse_kernel_message(parser *p, token *t) > } else { > printf("ADD: %s\n", line); > } > - free(line); > } > + free(line); > + free(str); > return PARSER_OK; > } > > @@ -952,16 +961,20 @@ static int parse_cpp_includes(FILE *fp) > if (t.type == TOKEN_CPP) { > for (;;) { > token_clear(&t); > - if (get_token(&p, &t) == EOF) > + if (get_token(&p, &t) == EOF) { > + token_free(&t); > return EOF; > + } > if (strcmp(t.token, "\n") == 0) > break; > if (t.type == TOKEN_WHITE_SPACE) { > continue; > } > if (strcmp(t.token, "include") == 0) { > - if (parse_cpp_include(&p, &t) == EOF) > + if (parse_cpp_include(&p, &t) == EOF) { > + token_free(&t); > return EOF; > + } > break; > } > printf("#%s", t.token); > @@ -972,6 +985,7 @@ static int parse_cpp_includes(FILE *fp) > } > token_clear(&t); > } > + token_free(&t); > return EOF; > } > Acked-by: Ivan Hu <ivan.hu@canonical.com>
On 12/21/2015 05:48 PM, ivanhu wrote: > > > On 2015年12月16日 19:27, Colin King wrote: >> From: Colin Ian King <colin.king@canonical.com> >> >> Fix a few memory leaks found using static analysis by >> clang scan-build. Also fix a segfault caused by a >> re-allocation on a token buffer that did not reset the >> token pointer to a new heap buffer if a realloc() returned >> an expanded buffer at a new location. >> >> Signed-off-by: Colin Ian King <colin.king@canonical.com> >> --- >> src/utilities/kernelscan.c | 20 +++++++++++++++++--- >> 1 file changed, 17 insertions(+), 3 deletions(-) >> >> diff --git a/src/utilities/kernelscan.c b/src/utilities/kernelscan.c >> index 4225b88..8674e40 100644 >> --- a/src/utilities/kernelscan.c >> +++ b/src/utilities/kernelscan.c >> @@ -172,6 +172,7 @@ static void token_new(token *t) >> t->len = 1024; >> t->ptr = t->token; >> t->type = TOKEN_UNKNOWN; >> + *(t->ptr) = '\0'; >> } >> /* >> @@ -191,6 +192,9 @@ static void token_free(token *t) >> { >> free(t->token); >> t->token = NULL; >> + t->ptr = NULL; >> + t->len = 0; >> + t->type = TOKEN_UNKNOWN; >> } >> /* >> @@ -207,11 +211,14 @@ static void token_append(token *t, int ch) >> *(t->ptr) = 0; >> } else { >> /* No more space, add 1K more space */ >> + ptrdiff_t diff = t->ptr - t->token; >> + >> t->len += 1024; >> if ((t->token = realloc(t->token, t->len)) == NULL) { >> fprintf(stderr, "token_append: Out of memory!\n"); >> exit(EXIT_FAILURE); >> } >> + t->ptr = t->token + diff; >> *(t->ptr) = ch; >> t->ptr++; >> *(t->ptr) = 0; >> @@ -797,6 +804,7 @@ static int parse_kernel_message(parser *p, token *t) >> int ret = get_token(p, t); >> if (ret == EOF) { >> free(line); >> + free(str); >> return EOF; >> } >> @@ -810,8 +818,9 @@ static int parse_kernel_message(parser *p, token *t) >> } else { >> printf("ADD: %s\n", line); >> } >> - free(line); >> } >> + free(line); >> + free(str); >> return PARSER_OK; >> } >> @@ -952,16 +961,20 @@ static int parse_cpp_includes(FILE *fp) >> if (t.type == TOKEN_CPP) { >> for (;;) { >> token_clear(&t); >> - if (get_token(&p, &t) == EOF) >> + if (get_token(&p, &t) == EOF) { >> + token_free(&t); >> return EOF; >> + } >> if (strcmp(t.token, "\n") == 0) >> break; >> if (t.type == TOKEN_WHITE_SPACE) { >> continue; >> } >> if (strcmp(t.token, "include") == 0) { >> - if (parse_cpp_include(&p, &t) == EOF) >> + if (parse_cpp_include(&p, &t) == EOF) { >> + token_free(&t); >> return EOF; >> + } >> break; >> } >> printf("#%s", t.token); >> @@ -972,6 +985,7 @@ static int parse_cpp_includes(FILE *fp) >> } >> token_clear(&t); >> } >> + token_free(&t); >> return EOF; >> } > > Acked-by: Ivan Hu <ivan.hu@canonical.com> > Acked-by: Alex Hung <alex.hung@canonical.com>
diff --git a/src/utilities/kernelscan.c b/src/utilities/kernelscan.c index 4225b88..8674e40 100644 --- a/src/utilities/kernelscan.c +++ b/src/utilities/kernelscan.c @@ -172,6 +172,7 @@ static void token_new(token *t) t->len = 1024; t->ptr = t->token; t->type = TOKEN_UNKNOWN; + *(t->ptr) = '\0'; } /* @@ -191,6 +192,9 @@ static void token_free(token *t) { free(t->token); t->token = NULL; + t->ptr = NULL; + t->len = 0; + t->type = TOKEN_UNKNOWN; } /* @@ -207,11 +211,14 @@ static void token_append(token *t, int ch) *(t->ptr) = 0; } else { /* No more space, add 1K more space */ + ptrdiff_t diff = t->ptr - t->token; + t->len += 1024; if ((t->token = realloc(t->token, t->len)) == NULL) { fprintf(stderr, "token_append: Out of memory!\n"); exit(EXIT_FAILURE); } + t->ptr = t->token + diff; *(t->ptr) = ch; t->ptr++; *(t->ptr) = 0; @@ -797,6 +804,7 @@ static int parse_kernel_message(parser *p, token *t) int ret = get_token(p, t); if (ret == EOF) { free(line); + free(str); return EOF; } @@ -810,8 +818,9 @@ static int parse_kernel_message(parser *p, token *t) } else { printf("ADD: %s\n", line); } - free(line); } + free(line); + free(str); return PARSER_OK; } @@ -952,16 +961,20 @@ static int parse_cpp_includes(FILE *fp) if (t.type == TOKEN_CPP) { for (;;) { token_clear(&t); - if (get_token(&p, &t) == EOF) + if (get_token(&p, &t) == EOF) { + token_free(&t); return EOF; + } if (strcmp(t.token, "\n") == 0) break; if (t.type == TOKEN_WHITE_SPACE) { continue; } if (strcmp(t.token, "include") == 0) { - if (parse_cpp_include(&p, &t) == EOF) + if (parse_cpp_include(&p, &t) == EOF) { + token_free(&t); return EOF; + } break; } printf("#%s", t.token); @@ -972,6 +985,7 @@ static int parse_cpp_includes(FILE *fp) } token_clear(&t); } + token_free(&t); return EOF; }