Date: Sun, 18 Jan 2004 17:44:48 +0200
From: Ruslan Ermilov
To: Paul Twohey
Cc: freebsd-hackers@freebsd.org, scsi@freebsd.org
Subject: Re: [CHECKER] bugs in FreeBSD
Message-ID: <20040118154447.GA32115@FreeBSD.org.ua>

On Fri, Jan 16, 2004 at 04:09:34PM -0800, Paul Twohey wrote:
[...]
> ---------------------------------------------------------
> [BUG]
> /u2/engler/mc/freebsd/sys/i386/compile/GENERIC/../../../dev/dpt/dpt_scsi.c:1542:dpt_attach:ERROR:LEAK:1542:1571: pointer=devq from RO=cam_simq_alloc(-1) [s=21,pop=21,pr=0.99] [rank=med] leaked! [z=1.0] [success=3]
>
>         int i;
>
>         /*
>          * Create the device queue for our SIM.
>          */
> Start --->
>         devq = cam_simq_alloc(dpt->max_dccbs);
>
>         ... DELETED 23 lines ...
>
>
>         }
>         if (i > 0)
>                 EVENTHANDLER_REGISTER(shutdown_final, dptshutdown,
>                                       dpt, SHUTDOWN_PRI_DEFAULT);
> Error --->
>         return (i);
> }
>
> int
> ---------------------------------------------------------

We aren't leaking "devq" here, it's freed (if necessary) by
setting the second cam_sim_free() argument to true:

        if (xpt_bus_register(dpt->sims[i], i) != CAM_SUCCESS) {
                cam_sim_free(dpt->sims[i], /*free_devq*/i == 0);
                break;
        }

But we're missing the proper NULL checking, here's the fix:

%%%
Index: dpt_scsi.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/dev/dpt/dpt_scsi.c,v retrieving revision 1.45 diff -u -p -r1.45 dpt_scsi.c --- dpt_scsi.c 24 Aug 2003 17:46:04 -0000 1.45 +++ dpt_scsi.c 18 Jan 2004 15:39:13 -0000 @@ -1553,6 +1553,8 @@ dpt_attach(dpt_softc_t *dpt) dpt->sims[i] =3D cam_sim_alloc(dpt_action, dpt_poll, "dpt", dpt, dpt->unit, /*untagged*/2, /*tagged*/dpt->max_dccbs, devq); + if (dpt->sims[i] =3D=3D NULL) + break; if (xpt_bus_register(dpt->sims[i], i) !=3D CAM_SUCCESS) { cam_sim_free(dpt->sims[i], /*free_devq*/i =3D=3D 0); break;
%%%

-- 
Ruslan Ermilov
FreeBSD committer
ru@FreeBSD.org
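
Review bot: the added NULL check in dpt_attach() breaks out of the loop without releasing devq when cam_sim_alloc() fails on the first channel (i == 0). The only release visible in this hunk is cam_sim_free(..., /*free_devq*/i == 0), which needs a SIM to exist, so on that path the queue from cam_simq_alloc() has no owner left and looks leaked. Consider freeing it before the break when i == 0, for example with cam_simq_free(devq). In the unchanged xpt_bus_register() failure branch, dpt->sims[i] still points at the SIM just passed to cam_sim_free(); setting it to NULL before the break would keep later code from using it.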
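
The ownership rule described in the reply (the shared device queue is released through the first SIM's free_devq argument) can be checked per failure path with a small userland model. This is an added example, not code from the message or from FreeBSD; every function below is a simplified stand-in with a hypothetical signature, and the teardown through SIM 0 is an assumption that mirrors the i == 0 convention.

```c
#include <stdlib.h>
/* Userland stand-ins for the CAM calls in the message; hypothetical signatures. */
struct devq { int unused; };
struct sim { struct devq *devq; };
static int live_devq, fail_alloc_at = -1, fail_register_at = -1; /* -1: no fault */

static struct devq *simq_alloc(void) {
    struct devq *q = calloc(1, sizeof(*q));
    if (q != NULL) live_devq++;         /* count queues not yet freed */
    return q;
}
static void simq_free(struct devq *q) { live_devq--; free(q); }
static struct sim *sim_alloc(int chan, struct devq *q) {
    struct sim *s = (chan == fail_alloc_at) ? NULL : calloc(1, sizeof(*s));
    if (s != NULL) s->devq = q;
    return s;
}
static void sim_free(struct sim *s, int free_devq) {
    if (free_devq) simq_free(s->devq);
    free(s);
}
static int bus_register(int chan) { return chan == fail_register_at ? -1 : 0; }

/* Loop shaped like the patched one; free_on_first = 0 is the patch as posted. */
static int attach(struct sim **sims, int channels, int free_on_first) {
    struct devq *devq = simq_alloc();
    int i;
    if (devq == NULL) return 0;
    for (i = 0; i < channels; i++) {
        sims[i] = sim_alloc(i, devq);
        if (sims[i] == NULL) {              /* check added by the patch */
            if (i == 0 && free_on_first) simq_free(devq); /* no SIM owns it */
            break;
        }
        if (bus_register(i) != 0) {
            sim_free(sims[i], /*free_devq*/ i == 0);
            break;
        }
    }
    return i;                               /* channels attached */
}

/* Inject one fault, attach 2 channels, tear down via SIM 0; count orphans. */
int orphaned_devq(int alloc_fail, int register_fail, int free_on_first) {
    struct sim *sims[2] = { NULL, NULL };
    live_devq = 0; fail_alloc_at = alloc_fail; fail_register_at = register_fail;
    for (int i = attach(sims, 2, free_on_first) - 1; i >= 0; i--)
        sim_free(sims[i], /*free_devq*/ i == 0);
    return live_devq;
}
```

Calling orphaned_devq(alloc_fail, register_fail, free_on_first) with a channel index (or -1 for no fault) returns how many queues are left with no owner after attach and teardown.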