Date: Wed, 20 Feb 2019 20:58:42 -0800 From: Enji Cooper <yaneurabeya@gmail.com> To: Bruce Evans <brde@optusnet.com.au> Cc: David Bright <dab@freebsd.org>, src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r344389 - head/usr.sbin/newsyslog Message-ID: <3CD59489-0595-4D09-B5C9-C3F25D23BB8D@gmail.com> In-Reply-To: <20190221121712.Y989@besplex.bde.org> References: <201902202205.x1KM5iZX036319@repo.freebsd.org> <20190221121712.Y989@besplex.bde.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Feb 20, 2019, at 5:17 PM, Bruce Evans <brde@optusnet.com.au> wrote: >=20 > On Wed, 20 Feb 2019, David Bright wrote: >=20 >> Log: >> Complete fix for CID 1007454, CID 1007453: Resource leak in newsyslog >>=20 >> The result of a strdup() was stored in a global variable and not = freed >> before program exit. This is a follow-up to r343906. That change >=20 > This was an especially large bug in Coverity. Understanding that = exit(3) > exits is about the first thing to understand for a checker. >=20 > Now it is also a style bug in the source code. >=20 >> attempted to plug these resource leaks but managed to miss a code = path >> on which the leak still occurs. Plug the leak on that path, too. >=20 >> Modified: head/usr.sbin/newsyslog/newsyslog.c >> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >> --- head/usr.sbin/newsyslog/newsyslog.c Wed Feb 20 21:24:56 2019 = (r344388) >> +++ head/usr.sbin/newsyslog/newsyslog.c Wed Feb 20 22:05:44 2019 = (r344389) >> @@ -793,6 +793,9 @@ usage(void) >> fprintf(stderr, >> "usage: newsyslog [-CFNPnrsv] [-a directory] [-d directory] = [-f config_file]\n" >> " [-S pidfile] [-t timefmt] [[-R tagname] = file ...]\n"); >> + /* Free global dynamically-allocated storage. */ >> + free(timefnamefmt); >> + free(requestor); >> exit(1); >> } >=20 > There was no leak here. exit(3) frees storage much more finally than > free(3). >=20 > It is especially obvious that there is no leak here, since the exit() = is > 1-2 lines later than the frees. >=20 > In theory, exit() might fail because it tries to allocate 100 MB more > storage but wouldn't fail if 100 bytes are freed here (applications = can > easily do this foot shooting by allocating without freeing in atexit() > destructors). In practice, even allocation failures "can't happen", > except in programs that use setrlimit followed but foot shooting to = test > the limits. setrlimit is now broken for this purpose, since it = doesn't > limit allocations done using mmap() instead of break(), and malloc() = now > uses mmap(). >=20 > If coverity understood this and wanted to spam you with warnings, then = it > would not warn about this, but would warn about more important things = like > failure to fflush() or fclose() or check for or handle errors for all > open streams before calling exit(). Also, if all callers of usage() = are > not understood, for failures to switch stderr to unbuffered mode = before > using it in usage(). >=20 > The error reporting is even harder to do if stderr is not available. > Windowing systems and even curses need to do lots more cleanup = _before_ > exit() and it may be difficult to clean up enough to print error = messages > using the windowing system. I agree with Bruce. Items like these should be ignored in the Coverity = UI as false positives with reasoning, like =E2=80=9Cglobal variables; = freed on exit=E2=80=9D. As others have noted in past mailing threads, freeing variables on exit = can cause applications to hang for a period of time, while the memory is = being reclaimed. I think it=E2=80=99s best to ignore these kinds of = allocations on exit to avoid introducing unnecessary complexity in the = program, as they=E2=80=99re benign issues. Thank you, -Enji=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CD59489-0595-4D09-B5C9-C3F25D23BB8D>