Use reallocf instead of malloc to fix leak with outbuf_pmap
ClosedPublic
Actions

Authored by ngie on May 22 2016, 6:47 PM.

Details

Reviewers

markj
pfg

Summary

Use reallocf instead of malloc to fix leak with outbuf_pmap

The previous code overwrote outbuf_pmap's memory with malloc once per
loop iteration, which leaked its memory; use reallocf instead to ensure
that memory is properly free'd each loop iteration.

Add a outbuf_pmap = NULL in the failure case to avoid a double-free
at the bottom of the function.

Reported by: Coverity
CID: 1038776
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 3891
Build 3934: arc lint + arc unit

Event Timeline

ngie updated this revision to Diff 16695.May 22 2016, 6:47 PM

ngie retitled this revision from to Use reallocf instead of malloc to fix leak with outbuf_pmap.

ngie updated this object.

ngie edited the test plan for this revision. (Show Details)

ngie added subscribers: mohlrich_isilon.com, markj, pfg, bdrewery.

Herald added a subscriber: imp. · View Herald TranscriptMay 22 2016, 6:47 PM

Interesting. Looks good to me.

This revision is now accepted and ready to land.May 22 2016, 10:14 PM

Looks ok to me from a correctness perspective.

lib/libc/rpc/clnt_bcast.c
350	The line break is kind of ugly. Maybe make the assignment and check separate statements?
351	We appear to already free outbuf_pmap at done_broad, so I don't see the need for reallocf()+pointer clear vs. just a realloc() call.

ngie marked an inline comment as done.May 24 2016, 5:37 AM

ngie added inline comments.

lib/libc/rpc/clnt_bcast.c
351	I agree in theory, but replacing realloc with reallocf would require adding more complexity to deal with temporary pointers and the like. This is a pretty easy way to do things, even if it duplicates in the pathological case..