From owner-svn-src-all@freebsd.org Thu Feb 21 04:58:46 2019 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1EFA414F2D6C; Thu, 21 Feb 2019 04:58:46 +0000 (UTC) (envelope-from yaneurabeya@gmail.com) Received: from mail-pg1-x52a.google.com (mail-pg1-x52a.google.com [IPv6:2607:f8b0:4864:20::52a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 827E98C5D5; Thu, 21 Feb 2019 04:58:45 +0000 (UTC) (envelope-from yaneurabeya@gmail.com) Received: by mail-pg1-x52a.google.com with SMTP id q206so13166774pgq.4; Wed, 20 Feb 2019 20:58:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8SRbZvW2DQdpeX/1YUyPPSIJUJ+O8xxLNlilgTneM6M=; b=A+Q8MLAbKmOEX/KBDWj2vcYdgGvknukilHv1d5AYY4sjpCUxrGpz8QgGqR4bCCVl3K NyTP1taHg0Rm/nZVYgP+N3qHA+ndN7iKR8+LYkZ0kThR0vxKCZ8SpcywlvN9DvZHP3Ry 9G7S8gTmK+wRx5PU9Qkmdsouj4R9ThiOuVV34D97YFWovGp+kw2zxZ8aXx0NBzZ9Pr+p +O/Qy7ibph88Xip8unDxRWy2SLc49toN5IsU3p2Af/46E1hWwG1/PEs+1YR3Z4QyWQBY /qzNe/FmWjPbnRC8JYK5DFsg/pVSEp6OOHHwGBAp/96941TQ2SinRsqVpKNvvkT1tnlZ XsMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8SRbZvW2DQdpeX/1YUyPPSIJUJ+O8xxLNlilgTneM6M=; b=ANHFV0KMxVjWRxrYeVBhvBLbGLgKrIXN3meHGPI2pxaVkdv0Fpk1v0HvgrvKReYJx9 HV8vJQHn74gEN+Bbo2qB63NjVBf/fGt7D42ciXNXWEHeSlTWMBgFzRF6k/2acVsrd/Ui dpnU0H2GDr7WOBoJO2YaWNPWbaMjtY2ukb9+uDYABOIUyKqmsUOCBd7dUmalKa8niKRb meKpD3y9kTmwvOE4iiYM8m4iogjpwstwrfeoRmnwTbn60uXYhNt2RjX7MvJ2+PK+U3W6 SUyWdgCH+F6aLipirSY5cIIO+D5kPHLDuRNjDZeDgnOHKmKLevSTdqULnraxvT7RPTUo E3yQ== X-Gm-Message-State: AHQUAubHet/kVTXSENmsmL3wFkMX9Uv/uDZViVHM6ntQhSu3pLZgQMxd 4XyC956PBPS7aFmpeoXaDNI= X-Google-Smtp-Source: AHgI3IakhE8QbXYyFr1OoLTLSG0bovKjFFopJ3ow2xpxl0mxpe182BLQXaqCyuFi7wLosQFfNNGTgw== X-Received: by 2002:a65:510c:: with SMTP id f12mr19411672pgq.40.1550725124355; Wed, 20 Feb 2019 20:58:44 -0800 (PST) Received: from [192.168.20.7] (c-73-19-52-228.hsd1.wa.comcast.net. [73.19.52.228]) by smtp.gmail.com with ESMTPSA id z18sm34255713pfl.164.2019.02.20.20.58.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 20 Feb 2019 20:58:43 -0800 (PST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: svn commit: r344389 - head/usr.sbin/newsyslog From: Enji Cooper In-Reply-To: <20190221121712.Y989@besplex.bde.org> Date: Wed, 20 Feb 2019 20:58:42 -0800 Cc: David Bright , src-committers , svn-src-all@freebsd.org, svn-src-head@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <3CD59489-0595-4D09-B5C9-C3F25D23BB8D@gmail.com> References: <201902202205.x1KM5iZX036319@repo.freebsd.org> <20190221121712.Y989@besplex.bde.org> To: Bruce Evans X-Mailer: Apple Mail (2.3445.102.3) X-Rspamd-Queue-Id: 827E98C5D5 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.97 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.97)[-0.975,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Feb 2019 04:58:46 -0000 > On Feb 20, 2019, at 5:17 PM, Bruce Evans wrote: >=20 > On Wed, 20 Feb 2019, David Bright wrote: >=20 >> Log: >> Complete fix for CID 1007454, CID 1007453: Resource leak in newsyslog >>=20 >> The result of a strdup() was stored in a global variable and not = freed >> before program exit. This is a follow-up to r343906. That change >=20 > This was an especially large bug in Coverity. Understanding that = exit(3) > exits is about the first thing to understand for a checker. >=20 > Now it is also a style bug in the source code. >=20 >> attempted to plug these resource leaks but managed to miss a code = path >> on which the leak still occurs. Plug the leak on that path, too. >=20 >> Modified: head/usr.sbin/newsyslog/newsyslog.c >> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >> --- head/usr.sbin/newsyslog/newsyslog.c Wed Feb 20 21:24:56 2019 = (r344388) >> +++ head/usr.sbin/newsyslog/newsyslog.c Wed Feb 20 22:05:44 2019 = (r344389) >> @@ -793,6 +793,9 @@ usage(void) >> fprintf(stderr, >> "usage: newsyslog [-CFNPnrsv] [-a directory] [-d directory] = [-f config_file]\n" >> " [-S pidfile] [-t timefmt] [[-R tagname] = file ...]\n"); >> + /* Free global dynamically-allocated storage. */ >> + free(timefnamefmt); >> + free(requestor); >> exit(1); >> } >=20 > There was no leak here. exit(3) frees storage much more finally than > free(3). >=20 > It is especially obvious that there is no leak here, since the exit() = is > 1-2 lines later than the frees. >=20 > In theory, exit() might fail because it tries to allocate 100 MB more > storage but wouldn't fail if 100 bytes are freed here (applications = can > easily do this foot shooting by allocating without freeing in atexit() > destructors). In practice, even allocation failures "can't happen", > except in programs that use setrlimit followed but foot shooting to = test > the limits. setrlimit is now broken for this purpose, since it = doesn't > limit allocations done using mmap() instead of break(), and malloc() = now > uses mmap(). >=20 > If coverity understood this and wanted to spam you with warnings, then = it > would not warn about this, but would warn about more important things = like > failure to fflush() or fclose() or check for or handle errors for all > open streams before calling exit(). Also, if all callers of usage() = are > not understood, for failures to switch stderr to unbuffered mode = before > using it in usage(). >=20 > The error reporting is even harder to do if stderr is not available. > Windowing systems and even curses need to do lots more cleanup = _before_ > exit() and it may be difficult to clean up enough to print error = messages > using the windowing system. I agree with Bruce. Items like these should be ignored in the Coverity = UI as false positives with reasoning, like =E2=80=9Cglobal variables; = freed on exit=E2=80=9D. As others have noted in past mailing threads, freeing variables on exit = can cause applications to hang for a period of time, while the memory is = being reclaimed. I think it=E2=80=99s best to ignore these kinds of = allocations on exit to avoid introducing unnecessary complexity in the = program, as they=E2=80=99re benign issues. Thank you, -Enji=