Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 21 Nov 2023 14:00:49 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 275232] libc memory leak - acl_to_text() / acl_to_text_np()
Message-ID:  <bug-275232-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D275232

            Bug ID: 275232
           Summary: libc memory leak - acl_to_text() / acl_to_text_np()
           Product: Base System
           Version: 13.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: pen@lysator.liu.se

Created attachment 246464
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D246464&action=
=3Dedit
Patch to fix three small memory leaks in libc / acl_to_text()

There is a couple of small memory leaks in the libc functions acl_to_text()=
 ad
acl_to_text_np() - if the ACL contains user: and/or group: entries then it =
will
leak about sizeof(uid_t) allocated blocks for each ACL entry...


Compile with "cc -g" and then run with "valgrind --leak-check=3Dfull ./a.ou=
t":

#include <stdio.h>
#include <sys/acl.h>

int
main(int argc,
     char *argv[]) {
    acl_t a;
    acl_entry_t e;
    uid_t uid;


    a =3D acl_init(1);
    acl_create_entry(&a, &e);
    acl_set_tag_type(e, ACL_USER);
    uid =3D 1001;
    acl_set_qualifier(e, &uid);
    acl_set_entry_type_np(e, ACL_ENTRY_TYPE_ALLOW);

    char *s =3D acl_to_text(a, NULL);
    puts(s);
    acl_free(s);
    acl_free(a);
    return 0;
}


=3D=3D94097=3D=3D 4 bytes in 1 blocks are definitely lost in loss record 1 =
of 10
=3D=3D94097=3D=3D    at 0x484CBE4: malloc (vg_replace_malloc.c:435)
=3D=3D94097=3D=3D    by 0x4953AB3: acl_get_qualifier (in /lib/libc.so.7)
=3D=3D94097=3D=3D    by 0x49556B8: ??? (in /lib/libc.so.7)
=3D=3D94097=3D=3D    by 0x201B0D: main (acl_to_text_leak.c:20)

There are at least three missed acl_free() calls for returned identifiers f=
rom
acl_get_qualifier() in lib/libc/posix1e/acl_to_text_nfs4.c

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-275232-227>