[PATCH:xfs] Fix memory leaks when not using alloca
Alan Coopersmith
alan.coopersmith at oracle.com
Mon Jun 8 23:46:44 PDT 2015
Reported by Oracle Parfait 1.5.1:
Error: Memory leak (CWE 401)
Memory leak of pointer client_auth allocated with FSalloc((prefix->num_auths * 24))
at line 256 of difs/dispatch.c in function 'ProcEstablishConnection'.
client_auth allocated at line 243 with FSalloc((prefix->num_auths * 24)).
client_auth leaks when (((Atom)ad) - ((Atom)(prefix + 8))) > ((stuff->length << 2) - 4) at line 252.
malloc called at line 372 of os/utils.c in function 'FSalloc'
at line 276 of difs/dispatch.c in function 'ProcEstablishConnection'.
client_auth allocated at line 243 with FSalloc((prefix->num_auths * 24)).
client_auth leaks when (i + 1) >= ((fsConnClientPrefix*)client->requestBuffer)[1].num_auths at line 251.
malloc called at line 372 of os/utils.c in function 'FSalloc'
Error: Memory leak (CWE 401)
Memory leak of pointer acp allocated with FSalloc((stuff->num_auths * 24))
at line 604 of difs/dispatch.c in function 'ProcCreateAC'.
acp allocated at line 590 with FSalloc((stuff->num_auths * 24)).
acp leaks when ((((Atom)ad) - ((Atom)client->requestBuffer)) + 8) > ((stuff->length << 2) - 4) at line 599.
malloc called at line 372 of os/utils.c in function 'FSalloc'
at line 622 of difs/dispatch.c in function 'ProcCreateAC'.
acp allocated at line 590 with FSalloc((stuff->num_auths * 24)).
acp leaks when (i + 1) >= ((fsCreateACReq*)client->requestBuffer)->num_auths at line 597.
malloc called at line 372 of os/utils.c in function 'FSalloc'
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
difs/dispatch.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/difs/dispatch.c b/difs/dispatch.c
index 36c82ef..60aa841 100644
--- a/difs/dispatch.c
+++ b/difs/dispatch.c
@@ -253,6 +253,7 @@ ProcEstablishConnection(ClientPtr client)
int lengthword = stuff->length;
SendErrToClient(client, FSBadLength, (pointer)&lengthword);
+ DEALLOCATE_LOCAL(client_auth);
return (FSBadLength);
}
/* copy carefully in case wire data is not aligned */
@@ -273,6 +274,7 @@ ProcEstablishConnection(ClientPtr client)
int lengthword = stuff->length;
SendErrToClient(client, FSBadLength, (pointer)&lengthword);
+ DEALLOCATE_LOCAL(client_auth);
return (FSBadLength);
}
@@ -292,6 +294,7 @@ ProcEstablishConnection(ClientPtr client)
authp = (AuthContextPtr) fsalloc(sizeof(AuthContextRec));
if (!authp) {
SendErrToClient(client, FSBadAlloc, (pointer) 0);
+ DEALLOCATE_LOCAL(client_auth);
return FSBadAlloc;
}
authp->authname =
@@ -303,6 +306,7 @@ ProcEstablishConnection(ClientPtr client)
fsfree((char *) authp->authdata);
fsfree((char *) authp);
SendErrToClient(client, FSBadAlloc, (pointer) 0);
+ DEALLOCATE_LOCAL(client_auth);
return FSBadAlloc;
}
memmove( authp->authname, client_auth[auth_index - 1].name,
@@ -318,6 +322,7 @@ ProcEstablishConnection(ClientPtr client)
fsfree((char *) authp->authdata);
fsfree((char *) authp);
SendErrToClient(client, FSBadAlloc, (pointer) 0);
+ DEALLOCATE_LOCAL(client_auth);
return FSBadAlloc;
}
client->auth = client->default_auth = authp;
@@ -601,6 +606,7 @@ ProcCreateAC(ClientPtr client)
int lengthword = stuff->length;
SendErrToClient(client, FSBadLength, (pointer)&lengthword);
+ DEALLOCATE_LOCAL(acp);
return (FSBadLength);
}
/* copy carefully in case data is not aligned */
@@ -619,6 +625,8 @@ ProcCreateAC(ClientPtr client)
int lengthword = stuff->length;
SendErrToClient(client, FSBadLength, (pointer)&lengthword);
+ if (acp)
+ DEALLOCATE_LOCAL(acp);
return (FSBadLength);
}
--
1.7.9.2
More information about the xorg-devel
mailing list