Date: Thu, 16 Feb 2017 01:24:33 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 217125] lib/libc/gen/fts.c resource leak in fts_build()
Message-ID: <bug-217125-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217125

    Bug ID:    217125
    Summary:   lib/libc/gen/fts.c resource leak in fts_build()
    Product:   Base System
    Version:   CURRENT
    Hardware:  Any
    OS:        Any
    Status:    New
    Severity:  Affects Some People
    Priority:  ---
    Component: bin
    Assignee:  freebsd-bugs@FreeBSD.org
    Reporter:  dan.krejsa@gmail.com

This issue was initially found using Coverity on a port to another OS of (a
slightly older version of) the FreeBSD version of fts.c. It was not actually
observed in a running system. To the best of my understanding, it still
applies to the latest (Revision 300341) version that I could find of
lib/libc/gen/fts.c.

Caveats: I am not personally a FreeBSD user, nor am I very familiar with
fts.c. My intentions are good, please forgive me if I'm mistaken.

The problem occurs with this code in fts_build():

    849         if (descend && (type == BCHILD || !nitems) &&
    850             (cur->fts_level == FTS_ROOTLEVEL ?
    851             FCHDIR(sp, sp->fts_rfd) :
    852             fts_safe_changedir(sp, cur->fts_parent, -1, ".."))) {
    853                 cur->fts_info = FTS_ERR;
    854                 SET(FTS_STOP);
    855                 return (NULL);
    856         }

If the function returns at line 855, any memory allocated in the list of
FTSENT structures headed by 'head' would be leaked. As far as I can tell, it
would be possible (although probably uncommon, due to the presumed failure of
the chdir operation) to get into this code path with a non-empty list
(type == BCHILD && nitems != 0).

Probably there should be an

    fts_lfree(head);

call in there.

-- 
You are receiving this mail because:
You are the assignee for the bug.
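
The error path described in the report, as an added example that is not part of the original message and is not FreeBSD's fts.c: a simplified C model in which a list is built on 'head' and the change back to the parent directory then fails, with and without the suggested free. The names ent, live, lfree, build and leaked_after_failure, and the chdir_fails and free_on_error flags, are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for the FTSENT list fts_build() collects on 'head'. */
struct ent { struct ent *link; };
static int live;    /* entries currently allocated */

/* Stand-in for fts_lfree(): free every entry on the list. */
static void lfree(struct ent *head) {
    while (head != NULL) {
        struct ent *next = head->link;
        free(head);
        live--;
        head = next;
    }
}

/* Model of the end of fts_build(): nitems entries are already linked on
 * 'head' when the change back to the parent directory is attempted.
 * chdir_fails simulates FCHDIR()/fts_safe_changedir() returning nonzero;
 * free_on_error picks the reported behaviour (0) or the suggested fix (1). */
static struct ent *build(int nitems, int chdir_fails, int free_on_error) {
    struct ent *head = NULL;
    for (int i = 0; i < nitems; i++) {
        struct ent *p = calloc(1, sizeof(*p));
        if (p == NULL) { lfree(head); return NULL; }
        live++;
        p->link = head;
        head = p;
    }
    if (chdir_fails) {
        if (free_on_error)
            lfree(head);    /* the fts_lfree(head) call the report suggests */
        return NULL;        /* otherwise every entry on 'head' is lost here */
    }
    return head;
}

/* Entries still allocated after a build that fails at the chdir step. */
int leaked_after_failure(int nitems, int free_on_error) {
    live = 0;
    (void)build(nitems, 1, free_on_error);
    return live;
}

int main(void) {
    printf("reported: %d leaked, with fix: %d leaked\n", leaked_after_failure(3, 0), leaked_after_failure(3, 1));
    return 0;
}
```

With an empty list (nitems == 0) both variants leave nothing allocated, which matches the report's point that the leak needs the type == BCHILD && nitems != 0 case.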