[lxc-devel] [PATCH lxcfs 3/5] fix leak in realloc loop in must_strcat_pid

Serge Hallyn serge.hallyn at ubuntu.com
Fri Jan 8 01:55:54 UTC 2016


Quoting Wolfgang Bumiller (w.bumiller at proxmox.com):
> If the first realloc() call fails then 'd' becomes NULL,
> subsequent realloc() retries will behave like malloc() and
> the original src pointer is never freed. Furthermore
> the newly allocated data then contains uninitialized data
> where the previous pids had been stored.
> Avoid this by passing the original pointer from '*src'
> to realloc().
> 
> Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> ---
>  lxcfs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lxcfs.c b/lxcfs.c
> index 8605000..d738e79 100644
> --- a/lxcfs.c
> +++ b/lxcfs.c
> @@ -87,7 +87,7 @@ static void must_strcat_pid(char **src, size_t *sz, size_t *asz, pid_t pid)
>  		*asz = BUF_RESERVE_SIZE;
>  	} else if (tmplen + *sz + 1 >= *asz) {
>  		do {
> -			d = realloc(d, *asz + BUF_RESERVE_SIZE);
> +			d = realloc(*src, *asz + BUF_RESERVE_SIZE);

D'oh.  This needed to not deref src :)  Shoulda spotted that right away.
(Pushing the fix to git)

>  		} while (!d);
>  		*src = d;
>  		*asz += BUF_RESERVE_SIZE;
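
Review bot: the `do { ... } while (!d)` loop around the changed `realloc(*src, *asz + BUF_RESERVE_SIZE)` line retries immediately and without bound, so under sustained memory pressure it spins at full CPU. Because `*src` is only reassigned after the loop, each retry now operates on the still-valid original buffer, but consider a short sleep between attempts. A comment on the realloc line explaining why `*src` is passed rather than `d` (`d` is NULL after a failed attempt) would also keep the leak from being reintroduced later.
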
> -- 
> 2.1.4
> 
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel