From nobody Tue Dec 30 13:25:29 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0F98C47072 for ; Wed, 15 Nov 2023 04:17:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234371AbjKOERE (ORCPT ); Tue, 14 Nov 2023 23:17:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37470 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229572AbjKOERC (ORCPT ); Tue, 14 Nov 2023 23:17:02 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F26CBD1 for ; Tue, 14 Nov 2023 20:16:58 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C4118C433C8; Wed, 15 Nov 2023 04:16:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1700021818; bh=/1FcBLs1hLiytG5R0uRZWQsitdWl5MH3/p3/R0vq29g=; h=From:To:Cc:Subject:Date:From; b=Nr6jwsb6G9+rldWECfXMHUK76RjLPUC1wK/zZdp2adxov0rRXmAjrnoflDPIO1fGu ilpD+61LWG/V3CARg07E2tTe9oqSdpPNgzE6rn3Z/WVlkEsJKKQMmY/XYaIRZCTzRf tGYCqNzDfHmBJhPtE4h/8sp+3B3QxqifzNV8fP72LPhu3Xl6Dpl5LFX2Qy/Ox1nSye cTbdkCAwS/TMS3TY7hZxaLVrgaWBjTLlY8gQX4W+3e64HLiMVEfzYKV4RoHu/nc6CY jbrRxCEgNb1lgbYI6d86amo3o8KRiYhPC8fbza8LOKzPJKKlRo8FoErKUSip2C8tEl /kgsGXDtjR23w== From: Masahiro Yamada To: linux-kbuild@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Masahiro Yamada Subject: [PATCH] kconfig: fix memory leak from range properties Date: Wed, 15 Nov 2023 13:16:53 +0900 Message-Id: <20231115041653.810045-1-masahiroy@kernel.org> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Currently, sym_validate_range() duplicates the range string using xstrdup(), which is overwritten by a subsequent sym_calc_value() call. It results in a memory leak. Instead, only the pointer should be copied. Below is a test case, with a summary from Valgrind. [Test Kconfig] config FOO int "foo" range 10 20 [Test .config] CONFIG_FOO=3D0 [Before] LEAK SUMMARY: definitely lost: 3 bytes in 1 blocks indirectly lost: 0 bytes in 0 blocks possibly lost: 0 bytes in 0 blocks still reachable: 17,465 bytes in 21 blocks suppressed: 0 bytes in 0 blocks [After] LEAK SUMMARY: definitely lost: 0 bytes in 0 blocks indirectly lost: 0 bytes in 0 blocks possibly lost: 0 bytes in 0 blocks still reachable: 17,462 bytes in 20 blocks suppressed: 0 bytes in 0 blocks Signed-off-by: Masahiro Yamada --- scripts/kconfig/symbol.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/scripts/kconfig/symbol.c b/scripts/kconfig/symbol.c index 0572330bf8a7..a76925b46ce6 100644 --- a/scripts/kconfig/symbol.c +++ b/scripts/kconfig/symbol.c @@ -122,9 +122,9 @@ static long long sym_get_range_val(struct symbol *sym, = int base) static void sym_validate_range(struct symbol *sym) { struct property *prop; + struct symbol *range_sym; int base; long long val, val2; - char str[64]; =20 switch (sym->type) { case S_INT: @@ -140,17 +140,15 @@ static void sym_validate_range(struct symbol *sym) if (!prop) return; val =3D strtoll(sym->curr.val, NULL, base); - val2 =3D sym_get_range_val(prop->expr->left.sym, base); + range_sym =3D prop->expr->left.sym; + val2 =3D sym_get_range_val(range_sym, base); if (val >=3D val2) { - val2 =3D sym_get_range_val(prop->expr->right.sym, base); + range_sym =3D prop->expr->right.sym; + val2 =3D sym_get_range_val(range_sym, base); if (val <=3D val2) return; } - if (sym->type =3D=3D S_INT) - sprintf(str, "%lld", val2); - else - sprintf(str, "0x%llx", val2); - sym->curr.val =3D xstrdup(str); + sym->curr.val =3D range_sym->curr.val; } =20 static void sym_set_changed(struct symbol *sym) --=20 2.40.1