:p
atchew
Login
path is allocated by asprintf() and must be freed later if realloc() fails or at the end of each while() iteration Move the free() call out of LIBVIRT_NSS_GUEST macro and add another one if realloc() fails Found by Linux Verification Center (linuxtesting.org) with Svace. Reported-by: Dmitry Fedin <d.fedin@fobos-nt.ru> Signed-off-by: Alexander Kuznetsov <kuznetsovam@altlinux.org> --- tools/nss/libvirt_nss.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c index XXXXXXX..XXXXXXX 100644 --- a/tools/nss/libvirt_nss.c +++ b/tools/nss/libvirt_nss.c @@ -XXX,XX +XXX,XX @@ findLease(const char *name, goto cleanup; tmpLease = realloc(leaseFiles, sizeof(char *) * (nleaseFiles + 1)); - if (!tmpLease) + if (!tmpLease) { + free(path); goto cleanup; + } + leaseFiles = tmpLease; leaseFiles[nleaseFiles++] = path; #if defined(LIBVIRT_NSS_GUEST) @@ -XXX,XX +XXX,XX @@ findLease(const char *name, free(path); goto cleanup; } - free(path); #endif /* LIBVIRT_NSS_GUEST */ + free(path); } errno = 0; -- 2.42.4
v2: - don't touch free() call inside LIBVIRT_NSS_GUEST macro - rearrange asprintf to be called after realloc, so no extra free call is needed Alexander Kuznetsov (1): nss: Fix memory leak in findLease tools/nss/libvirt_nss.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) -- 2.42.4
path is allocated by asprintf() and must be freed later if realloc() fails Restructure the code to allocate path only after realloc() succeeds, avoiding the need for an extra free() Found by Linux Verification Center (linuxtesting.org) with Svace. Reported-by: Dmitry Fedin <d.fedin@fobos-nt.ru> Signed-off-by: Alexander Kuznetsov <kuznetsovam@altlinux.org> --- tools/nss/libvirt_nss.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c index XXXXXXX..XXXXXXX 100644 --- a/tools/nss/libvirt_nss.c +++ b/tools/nss/libvirt_nss.c @@ -XXX,XX +XXX,XX @@ findLease(const char *name, if (dlen >= 7 && !strcmp(entry->d_name + dlen - 7, ".status")) { char **tmpLease; - if (asprintf(&path, "%s/%s", leaseDir, entry->d_name) < 0) - goto cleanup; - tmpLease = realloc(leaseFiles, sizeof(char *) * (nleaseFiles + 1)); if (!tmpLease) goto cleanup; + + if (asprintf(&path, "%s/%s", leaseDir, entry->d_name) < 0) + goto cleanup; + leaseFiles = tmpLease; leaseFiles[nleaseFiles++] = path; #if defined(LIBVIRT_NSS_GUEST) -- 2.42.4