Site Navigation

Date:      Tue, 6 Jul 2021 17:53:24 GMT
From:      Mariusz Zaborski <oshogbo@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: f98545c7e991 - stable/13 - libnv: fix memory leaks
Message-ID:  <202107061753.166HrO1O052701@gitrepo.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

The branch stable/13 has been updated by oshogbo:

URL: https://cgit.FreeBSD.org/src/commit/?id=f98545c7e99195d0f6e4be2068331421c853be17

commit f98545c7e99195d0f6e4be2068331421c853be17
Author:     Mariusz Zaborski <oshogbo@FreeBSD.org>
AuthorDate: 2019-02-10 23:28:55 +0000
Commit:     Mariusz Zaborski <oshogbo@FreeBSD.org>
CommitDate: 2021-07-06 17:53:07 +0000

    libnv: fix memory leaks
    
    nvpair_create_stringv: free the temporary string; this fix affects
    nvlist_add_stringf() and nvlist_add_stringv().
    
    nvpair_remove_nvlist_array (NV_TYPE_NVLIST_ARRAY case): free the chain
    of nvpairs (as resetting it prevents nvlist_destroy() from freeing it).
    Note: freeing the chain in nvlist_destroy() is not sufficient, because
    it would still leak through nvlist_take_nvlist_array().  This affects
    all nvlist_*_nvlist_array() use
    
    Submitted by:   Mindaugas Rasiukevicius <rmind@netbsd.org>
    Reported by:    clang/gcc ASAN
    MFC after:      2 weeks
    
    (cherry picked from commit b5d787d93b3d83f28e87e1f8cc740cb160f8f0ac)
---
 sys/contrib/libnv/bsd_nvpair.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/sys/contrib/libnv/bsd_nvpair.c b/sys/contrib/libnv/bsd_nvpair.c
index 6405dcd1c516..556203f740fc 100644
--- a/sys/contrib/libnv/bsd_nvpair.c
+++ b/sys/contrib/libnv/bsd_nvpair.c
@@ -229,8 +229,16 @@ nvpair_remove_nvlist_array(nvpair_t *nvp)
 	nvlarray = __DECONST(nvlist_t **,
 	    nvpair_get_nvlist_array(nvp, &count));
 	for (i = 0; i < count; i++) {
-		nvlist_set_array_next(nvlarray[i], NULL);
-		nvlist_set_parent(nvlarray[i], NULL);
+		nvlist_t *nvl;
+		nvpair_t *nnvp;
+
+		nvl = nvlarray[i];
+		nnvp = nvlist_get_array_next_nvpair(nvl);
+		if (nnvp != NULL) {
+			nvpair_free_structure(nnvp);
+		}
+		nvlist_set_array_next(nvl, NULL);
+		nvlist_set_parent(nvl, NULL);
 	}
 }
 

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202107061753.166HrO1O052701>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact