From owner-svn-src-all@freebsd.org Thu Feb 21 05:20:23 2019 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0BC3D14F4059 for ; Thu, 21 Feb 2019 05:20:23 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 99B948D3A6 for ; Thu, 21 Feb 2019 05:20:22 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: by mail-qk1-x736.google.com with SMTP id x9so3600862qkf.0 for ; Wed, 20 Feb 2019 21:20:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsdimp-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WZO4cSS3pdlTJDHNjH1CexprcxmppJ/U+PIxvcgRCnY=; b=G4HHFMKfhYS1qVStHnqSSKjGqconbMf2q9CMUrduixwDJaTyxd6VCXAj6sI1I/9Kvi UInaVw65wQwvgAibQxdyw5amrwzPShZGnqcopDc2evMFc0Q2BRwFztwhKIWgZDug23qv +r8ruRAw7gwc3XbB4u7UQ9Moe9rQJOtSggsKfglbgkA2bkp70DJO+U9OwHSpmT6U/Esm iciLtxIIM8wCsFSeHrOJ472e7sEXHtBFyPlXehiRgVJN2t7SKxz3s4rX0YA7ZawAexCQ Rhwntn/k8F+30gY7PVUne8Iu5bsAYfdwyiDMK7th04KbBciACwlhZQnP5gHhRu5ka08B g1xg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WZO4cSS3pdlTJDHNjH1CexprcxmppJ/U+PIxvcgRCnY=; b=e8wg9JjJIAROLXPsm4nePIuEJh9/xpRBF6El8SiIXj8KuNCPeo3gc4Y34cHDMP73Vn HO5U+/zsQKwj9eib6707XNoBt41HCiAiO1MLfRgK2/yGLmm6ttHjs+kRTkM7995/7nPd qKTbGoazikq/dCi/1Yd9z6Oh1GdVwaiUpVcPNupSVmpgQl3Ezk5dM1nioUUvT5f6D3KP YvmzGxKOWtadTAT9WO1FnRkkKQGgSe9n2YN0dA76fwsEyniWHPLQ6ecMvsOgAGtGbBNR MhhW24zroplVYmLXg9jsgY2n/otRIo4JyJfe5/J3P0VfK35n3wxs5iER8bNPQV0M+f/t rNuA== X-Gm-Message-State: AHQUAubtN++cXoj5aOiPQEg3Bta3bwcy6LE8iTho2+h9D0/SNE3jAPak +eqMbHKSrxRsibm969m3FaKw6XL1wns5PbK3dTnxcQ== X-Google-Smtp-Source: AHgI3IYpxHvwnFKmVaJCOrKPgVjP3eCe1v3belgI3QgVIzsFvKDkNwai8V97MqSfw/ZbHVimtTmI4NRJvoq8D4ZOb1Y= X-Received: by 2002:a37:6fc2:: with SMTP id k185mr17330360qkc.175.1550726421724; Wed, 20 Feb 2019 21:20:21 -0800 (PST) MIME-Version: 1.0 References: <201902202205.x1KM5iZX036319@repo.freebsd.org> <20190221121712.Y989@besplex.bde.org> <3CD59489-0595-4D09-B5C9-C3F25D23BB8D@gmail.com> In-Reply-To: <3CD59489-0595-4D09-B5C9-C3F25D23BB8D@gmail.com> From: Warner Losh Date: Wed, 20 Feb 2019 22:20:09 -0700 Message-ID: Subject: Re: svn commit: r344389 - head/usr.sbin/newsyslog To: Garrett Cooper Cc: Bruce Evans , David Bright , src-committers , svn-src-all@freebsd.org, svn-src-head@freebsd.org X-Rspamd-Queue-Id: 99B948D3A6 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.98 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.98)[-0.977,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Feb 2019 05:20:23 -0000 On Wed, Feb 20, 2019, 9:59 PM Enji Cooper > > On Feb 20, 2019, at 5:17 PM, Bruce Evans wrote: > > > > On Wed, 20 Feb 2019, David Bright wrote: > > > >> Log: > >> Complete fix for CID 1007454, CID 1007453: Resource leak in newsyslog > >> > >> The result of a strdup() was stored in a global variable and not freed > >> before program exit. This is a follow-up to r343906. That change > > > > This was an especially large bug in Coverity. Understanding that exit(= 3) > > exits is about the first thing to understand for a checker. > > > > Now it is also a style bug in the source code. > > > >> attempted to plug these resource leaks but managed to miss a code path > >> on which the leak still occurs. Plug the leak on that path, too. > > > >> Modified: head/usr.sbin/newsyslog/newsyslog.c > >> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > >> --- head/usr.sbin/newsyslog/newsyslog.c Wed Feb 20 21:24:56 2019 > (r344388) > >> +++ head/usr.sbin/newsyslog/newsyslog.c Wed Feb 20 22:05:44 2019 > (r344389) > >> @@ -793,6 +793,9 @@ usage(void) > >> fprintf(stderr, > >> "usage: newsyslog [-CFNPnrsv] [-a directory] [-d directory] > [-f config_file]\n" > >> " [-S pidfile] [-t timefmt] [[-R tagname] fil= e > ...]\n"); > >> + /* Free global dynamically-allocated storage. */ > >> + free(timefnamefmt); > >> + free(requestor); > >> exit(1); > >> } > > > > There was no leak here. exit(3) frees storage much more finally than > > free(3). > > > > It is especially obvious that there is no leak here, since the exit() i= s > > 1-2 lines later than the frees. > > > > In theory, exit() might fail because it tries to allocate 100 MB more > > storage but wouldn't fail if 100 bytes are freed here (applications can > > easily do this foot shooting by allocating without freeing in atexit() > > destructors). In practice, even allocation failures "can't happen", > > except in programs that use setrlimit followed but foot shooting to tes= t > > the limits. setrlimit is now broken for this purpose, since it doesn't > > limit allocations done using mmap() instead of break(), and malloc() no= w > > uses mmap(). > > > > If coverity understood this and wanted to spam you with warnings, then = it > > would not warn about this, but would warn about more important things > like > > failure to fflush() or fclose() or check for or handle errors for all > > open streams before calling exit(). Also, if all callers of usage() ar= e > > not understood, for failures to switch stderr to unbuffered mode before > > using it in usage(). > > > > The error reporting is even harder to do if stderr is not available. > > Windowing systems and even curses need to do lots more cleanup _before_ > > exit() and it may be difficult to clean up enough to print error messag= es > > using the windowing system. > > I agree with Bruce. Items like these should be ignored in the Coverity UI > as false positives with reasoning, like =E2=80=9Cglobal variables; freed = on exit=E2=80=9D. > > As others have noted in past mailing threads, freeing variables on exit > can cause applications to hang for a period of time, while the memory is > being reclaimed. I think it=E2=80=99s best to ignore these kinds of alloc= ations on > exit to avoid introducing unnecessary complexity in the program, as they= =E2=80=99re > benign issues. > It's been a long running debate since 92 or so when purify came out and this problem started to be found. In the last 25 years the question hasn't been settled. I tend to think it's a waste of time, though I get that issues like this create a lot of false positives. Warner Thank you, > -Enji >