[PATCH 1/1] libebgenv: fix memory leak in partition probing
11 views
Skip to first unread message
Felix Moessbauer
Oct 15, 2023, 10:46:56 PM10/15/23
to efibootg...@googlegroups.com, jan.k...@siemens.com, michae...@siemens.com, Felix Moessbauer
When probing partitions, the mountpoint string is allocated on the heap.
This needs to be freed as well in case of errors during probing.
Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
env/env_config_partitions.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/env/env_config_partitions.c b/env/env_config_partitions.c
index be52d7f..d50545e 100644
--- a/env/env_config_partitions.c
+++ b/env/env_config_partitions.c
@@ -65,6 +65,7 @@ bool probe_config_partitions(CONFIG_PART *cfgpart)
cfgpart[count] = tmp;
} else {
free(tmp.devpath);
+ free(tmp.mountpoint);
VERBOSE(stderr,
"Error, there are "
"more than %d config "
@@ -75,6 +76,7 @@ bool probe_config_partitions(CONFIG_PART *cfgpart)
count++;
} else {
free(tmp.devpath);
+ free(tmp.mountpoint);
}
part = ped_disk_next_partition(pd, part);
}
--
2.39.2
This needs to be freed as well in case of errors during probing.
Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
env/env_config_partitions.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/env/env_config_partitions.c b/env/env_config_partitions.c
index be52d7f..d50545e 100644
--- a/env/env_config_partitions.c
+++ b/env/env_config_partitions.c
@@ -65,6 +65,7 @@ bool probe_config_partitions(CONFIG_PART *cfgpart)
cfgpart[count] = tmp;
} else {
free(tmp.devpath);
+ free(tmp.mountpoint);
VERBOSE(stderr,
"Error, there are "
"more than %d config "
@@ -75,6 +76,7 @@ bool probe_config_partitions(CONFIG_PART *cfgpart)
count++;
} else {
free(tmp.devpath);
+ free(tmp.mountpoint);
}
part = ped_disk_next_partition(pd, part);
}
--
2.39.2
Michael Adler
Oct 16, 2023, 1:57:32 AM10/16/23
to Felix Moessbauer, efibootg...@googlegroups.com, jan.k...@siemens.com
Hi Felix,
although this will certainly free the memory I feel like it's the wrong place:
the fact that the partition has to be mounted is actually an implementation detail
(and not a pretty one). The function `probe_config_file` in `env_config_file.c` is
responsible for mounting and it does have some (obviously incomplete) logic to free the
mountpoint. Could you add the missing `free` there?
Kind Regards,
Michael
--
Michael Adler
Siemens AG
Technology
Connectivity & Edge
Smart Embedded Systems
T CED SES-DE
Otto-Hahn-Ring 6
81739 Munich, Germany
Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann
Snabe; Managing Board: Roland Busch, Chairman, President and Chief Executive
Officer; Cedrik Neike, Matthias Rebellius, Ralf P. Thomas, Judith Wiese;
Registered offices: Berlin and Munich, Germany; Commercial registries:
Berlin-Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322
although this will certainly free the memory I feel like it's the wrong place:
the fact that the partition has to be mounted is actually an implementation detail
(and not a pretty one). The function `probe_config_file` in `env_config_file.c` is
responsible for mounting and it does have some (obviously incomplete) logic to free the
mountpoint. Could you add the missing `free` there?
Kind Regards,
Michael
--
Michael Adler
Siemens AG
Technology
Connectivity & Edge
Smart Embedded Systems
T CED SES-DE
Otto-Hahn-Ring 6
81739 Munich, Germany
Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann
Snabe; Managing Board: Roland Busch, Chairman, President and Chief Executive
Officer; Cedrik Neike, Matthias Rebellius, Ralf P. Thomas, Judith Wiese;
Registered offices: Berlin and Munich, Germany; Commercial registries:
Berlin-Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322
Jan Kiszka
Oct 16, 2023, 2:03:51 AM10/16/23
to Felix Moessbauer, efibootg...@googlegroups.com, michae...@siemens.com
and also released again in probe_config_file (unmount_partition).
Jan
--
Siemens AG, Technology
Linux Expert Center
MOESSBAUER, Felix
Oct 16, 2023, 2:20:43 AM10/16/23
to Kiszka, Jan, efibootg...@googlegroups.com, Adler, Michael
I'm almost certainly sure that the first free is correct. The second
indeed might lead to a double free. This could better be solved by just
nulling the pointer, or even better providing a destructor for the
struct that internally handles this correctly.
We definitely have a memory leak here, as reported by the asan.
Felix
>
> Jan
>
Jan Kiszka
Oct 16, 2023, 2:38:26 AM10/16/23
to MOESSBAUER, Felix (T CED INW-CN), efibootg...@googlegroups.com, Adler, Michael (T CED SES-DE)
it is nulling the pointer in unmount_partition.
>
> We definitely have a memory leak here, as reported by the asan.
probe_config_file with cfgpart->mountpoint non-null if it wasn't
non-null before.
Felix Moessbauer
Oct 17, 2023, 6:34:44 AM10/17/23
to efibootg...@googlegroups.com, jan.k...@siemens.com, michae...@siemens.com, Felix Moessbauer
When probing partitions, the mountpoint string is allocated on the heap.
Normally the mountpoint is freed during unmounting. But for partitions
that are already mounted, we also need to free the mountpoint str.
Changes since v1:
- fix leak at correct location
env/env_config_file.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/env/env_config_file.c b/env/env_config_file.c
index e270fbb..adb7a06 100644
--- a/env/env_config_file.c
+++ b/env/env_config_file.c
@@ -98,6 +98,8 @@ bool probe_config_file(CONFIG_PART *cfgpart)
}
if (do_unmount) {
unmount_partition(cfgpart);
+ } else {
+ free(cfgpart->mountpoint);
}
return result;
}
--
2.39.2
Jan Kiszka
Oct 17, 2023, 9:00:08 AM10/17/23
to Felix Moessbauer, efibootg...@googlegroups.com, michae...@siemens.com
Jan Kiszka
Oct 17, 2023, 12:48:06 PM10/17/23
to Felix Moessbauer, efibootg...@googlegroups.com, michae...@siemens.com
I've fixed this up...
JEMS EBERHARD HORBEL
Dec 9, 2023, 2:00:31 PM12/9/23
to EFI Boot Guard
DIRECT SENDER IS HERE LETS DEAL.
JENS EBERHARD
MT103/202 DIRECT WIRE TRANSFER
PAYPAL TRANSFER
CASHAPP TRANSFER
ZELLE TRANSFER
TRANSFER WISE
WESTERN UNION TRANSFER
BITCOIN FLASHING
BANK ACCOUNT LOADING/FLASHING
IBAN TO IBAN TRANSFER
MONEYGRAM TRANSFER
SLBC PROVIDER
CREDIT CARD TOP UP
SEPA TRANSFER
WIRE TRANSFER
GLOBALPAY INC US
Thanks.
NOTE; ONLY SERIOUS / RELIABLE RECEIVERS CAN CONTACT.
DM ME ON WHATSAPP FOR A SERIOUS DEAL.
+447405129573
JENS EBERHARD
MT103/202 DIRECT WIRE TRANSFER
PAYPAL TRANSFER
CASHAPP TRANSFER
ZELLE TRANSFER
TRANSFER WISE
WESTERN UNION TRANSFER
BITCOIN FLASHING
BANK ACCOUNT LOADING/FLASHING
IBAN TO IBAN TRANSFER
MONEYGRAM TRANSFER
SLBC PROVIDER
CREDIT CARD TOP UP
SEPA TRANSFER
WIRE TRANSFER
GLOBALPAY INC US
Thanks.
NOTE; ONLY SERIOUS / RELIABLE RECEIVERS CAN CONTACT.
DM ME ON WHATSAPP FOR A SERIOUS DEAL.
+447405129573
Reply all
Reply to author
Forward
0 new messages