Date:      Fri, 25 May 2018 14:34:03 -0400
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        araujo@freebsd.org
Cc:        Brooks Davis <brooks@freebsd.org>, svn-src-head@freebsd.org, Eitan Adler <lists@eitanadler.com>, svn-src-all@freebsd.org, src-committers <src-committers@freebsd.org>
Subject:   Re: svn commit: r334199 - head/usr.sbin/bhyve
Message-ID:  <20180525183403.i3bt2npfc3fq2cgf@mutt-hbsd>
In-Reply-To: <CAOfEmZiOPsDpzJ1citMhGvVFDFpQg1gY8-tNkj3XReYuFpDC1w@mail.gmail.com>
References:  <201805250207.w4P275Pf060725@repo.freebsd.org> <20180525151134.GB99063@spindle.one-eyed-alien.net> <CAOfEmZgV9yssn5v8ZpbkwL=rrifoD1Z=uRxe6a0KyM3mrXrSjQ@mail.gmail.com> <CAF6rxgm32+_XazDvbtyFChPigxVB0HQ30r3=CvN65ko=zHq0yA@mail.gmail.com> <CAOfEmZhS4RZPn6+qOcU56HUtUgGids79cS=fBKfuGjpBBQQm5g@mail.gmail.com> <20180525174424.GD99063@spindle.one-eyed-alien.net> <CAOfEmZhm3HPGU3r2nK9o3ry8+xpzaFRDCgw3qCKgy2CTOu3NaQ@mail.gmail.com> <20180525182139.GE99063@spindle.one-eyed-alien.net> <CAOfEmZiOPsDpzJ1citMhGvVFDFpQg1gY8-tNkj3XReYuFpDC1w@mail.gmail.com>

On Sat, May 26, 2018 at 02:26:33AM +0800, Marcelo Araujo wrote:
> 2018-05-26 2:21 GMT+08:00 Brooks Davis <brooks@freebsd.org>:
>
> > On Sat, May 26, 2018 at 01:56:28AM +0800, Marcelo Araujo wrote:
> > > 2018-05-26 1:44 GMT+08:00 Brooks Davis <brooks@freebsd.org>:
> > >
> > > > On Sat, May 26, 2018 at 01:21:33AM +0800, Marcelo Araujo wrote:
> > > > > On Sat, May 26, 2018, 1:11 AM Eitan Adler <lists@eitanadler.com> wrote:
> > > > >
> > > > > > On 25 May 2018 at 08:23, Marcelo Araujo <araujobsdport@gmail.com> wrote:
> > > > > > >
> > > > > > > On Fri, May 25, 2018, 11:11 PM Brooks Davis <brooks@freebsd.org> wrote:
> > > > > > >>
> > > > > > >> On Fri, May 25, 2018 at 02:07:05AM +0000, Marcelo Araujo wrote:
> > > > > > >> > Author: araujo
> > > > > > >> > Date: Fri May 25 02:07:05 2018
> > > > > > >> > New Revision: 334199
> > > > > > >> > URL: https://svnweb.freebsd.org/changeset/base/334199
> > > > > > >> >
> > > > > > >> > Log:
> > > > > > >> >   Fix a memory leak on topology_parse().
> > > > > > >> >
> > > > > > >> >   strdup(3) allocates memory for a copy of the string, does the
> > > > > > >> >   copy and returns a pointer to it. If there is not sufficient
> > > > > > >> >   memory, NULL is returned and the global errno is set to ENOMEM.
> > > > > > >> >   We do a sanity check to see if it was possible to allocate
> > > > > > >> >   enough memory.
> > > > > > >> >
> > > > > > >> >   Also, as we allocate memory, we need to free this memory once
> > > > > > >> >   used. Otherwise it goes out of scope and leaks the storage it
> > > > > > >> >   points to.
> > > > > > >> >
> > > > > > >> >   Reviewed by:        rgrimes
> > > > > > >> >   MFC after:  3 weeks.
> > > > > > >> >   X-MFC:              r332298
> > > > > > >> >   Sponsored by:       iXsystems Inc.
> > > > > > >> >   Differential Revision:      https://reviews.freebsd.org/D15550
> > > > > > >> >
> > > > > > >> > Modified:
> > > > > > >> >   head/usr.sbin/bhyve/bhyverun.c
> > > > > > >> >
> > > > > > >> > Modified: head/usr.sbin/bhyve/bhyverun.c
> > > > > > >> >
> > > > > > >> > ===================================================================
> > > > > > >> > --- head/usr.sbin/bhyve/bhyverun.c    Fri May 25 01:38:59 2018 (r334198)
> > > > > > >> > +++ head/usr.sbin/bhyve/bhyverun.c    Fri May 25 02:07:05 2018 (r334199)
> > > > > > >> > @@ -193,6 +193,7 @@ topology_parse(const char *opt)
> > > > > > >> >       c =3D 1, n =3D 1, s =3D 1, t =3D 1;
> > > > > > >> >       ns =3D false, scts =3D false;
> > > > > > >> >       str =3D strdup(opt);
> > > > > > >> > +     assert(str !=3D NULL);
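Review bot: `assert(str != NULL)` turns an expected resource failure into a programming-error check; strdup(3) returning NULL with errno set to ENOMEM is exactly the condition the log message says should be handled, and if NDEBUG is ever defined the assert disappears and the strsep() that follows dereferences NULL. Replace it with a real failure path, e.g. `if (str == NULL) return (<error value>);` using whatever error value topology_parse() callers already check, or, if the function's exit label frees str, initialise str to NULL before the strdup() since free(NULL) is a no-op. Also, the free() the log message describes ("we need to free this memory") is not in this hunk as quoted (`@@ -193,6 +193,7 @@` adds one line), so the leak named in the title is not closed by the change shown.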
> > > > > > >>
> > > > > > >> Using assert seems like an odd choice when you've already added a
> > > > > > >> failure path and the strsep will crash immediately if assert is
> > > > > > >> elided.
> > > > > > >
> > > > > > > Just to make a better point, I had the same discussion about
> > > > > > > assert(3) in another review; we don't do NDEBUG even for RELEASE.
> > > > > >
> > > > > > IMHO we only use assert for asserting things that ought to never be
> > > > > > false except in buggy code. Using assert for handling is poor practice.
> > > > >
> > > > > Again, in this case we are using it all over the place and we must
> > > > > replace it. Also we should document it somewhere, perhaps in assert(3),
> > > > > otherwise myself and others will keep using it. If you use find, not
> > > > > only myself is using it to check strdup! So what is the suggestion to
> > > > > handle assert(3)? Deprecate it?
> > > >
> > > > Code that uses assert() in place of error handling is wrong and should
> > > > be fixed. assert(condition) means that condition must never happen
> > > > and if it does a bug has occurred (or the programmer's assumptions are
> > > > wrong).  In this case failure would not be due to a bug, but due to
> > > > resource exhaustion which is expected to be handled.
> > >
> > > I agree with you! We have plenty of places that use strdup(3) without
> > > checking the errno ENOMEM return; so do you think it would be better to
> > > bypass an errno ENOMEM without checking it and have a crash, or better
> > > to abort(3) using assert(3) in case we have no memory available to
> > > allocate the memory for a copy of a string?
> >
> > The correct code here would be one of:
> >
> > str = strdup(opt);
> > if (str == NULL)
> >         goto out;
> >
>
> No, it is not the correct code! If we go out and free(str) we have nothing
> to free, because we didn't even allocate memory for str.

Hey Marcelo,

I've authored this commit, which fixes the issues Brooks brought up
(and with which I agree):

https://github.com/HardenedBSD/hardenedBSD/commit/9c05b8def2c33e3889430cc2f54be0402a257366

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        lattera@is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
