This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug regex/23233] New: Memory leak in build_charclass_op function in file posix/regcomp.c


https://sourceware.org/bugzilla/show_bug.cgi?id=23233

            Bug ID: 23233
           Summary: Memory leak in build_charclass_op function in file
                    posix/regcomp.c
           Product: glibc
           Version: 2.27
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: regex
          Assignee: unassigned at sourceware dot org
          Reporter: nixiaoming at huawei dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

Created attachment 11045
  --> https://sourceware.org/bugzilla/attachment.cgi?id=11045&action=edit
patch to fix the memory leak

The original code fragment is as follows:

3049   sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1);
3050 #ifdef RE_ENABLE_I18N
3051   mbcset = (re_charset_t *) calloc (sizeof (re_charset_t), 1);
3052 #endif /* RE_ENABLE_I18N */
3053 #ifdef RE_ENABLE_I18N
3054   if (BE (sbcset == NULL || mbcset == NULL, 0))
3055 #else
3056   if (BE (sbcset == NULL, 0))
3057 #endif /* RE_ENABLE_I18N */
3058     {
3059       re_free (sbcset);
3060 #ifdef RE_ENABLE_I18N
3061       re_free (mbcset);
3062 #endif
3063       *err = REG_ESPACE;
3064       return NULL;
3065     }
..........
.........
3580 static bin_tree_t *
3581 build_charclass_op (re_dfa_t *dfa, RE_TRANSLATE_TYPE trans,
3582             const unsigned char *class_name,
3583             const unsigned char *extra, int non_match,
3584             reg_errcode_t *err)
3585 {
3586   re_bitset_ptr_t sbcset;
3587 #ifdef RE_ENABLE_I18N
3588   re_charset_t *mbcset;
3589   int alloc = 0;
3590 #endif /* not RE_ENABLE_I18N */
3591   reg_errcode_t ret;
3592   re_token_t br_token;
3593   bin_tree_t *tree;
3594
3595   sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1);
3596 #ifdef RE_ENABLE_I18N
3597   mbcset = (re_charset_t *) calloc (sizeof (re_charset_t), 1);
3598 #endif /* RE_ENABLE_I18N */
3599
3600 #ifdef RE_ENABLE_I18N
3601   if (BE (sbcset == NULL || mbcset == NULL, 0))
3602 #else /* not RE_ENABLE_I18N */
3603   if (BE (sbcset == NULL, 0))
3604 #endif /* not RE_ENABLE_I18N */
3605     {
3606       *err = REG_ESPACE;
3607       return NULL;
3608     }


In the RE_ENABLE_I18N case:
If sbcset == NULL && mbcset != NULL, no memory is freed at line 3607, resulting
in a memory leak.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
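The leak above is the classic partial-allocation failure: two blocks are requested, a single combined NULL check covers both, and the error return drops whichever pointer did come back. The example below is added here to make that concrete; it is not glibc code and not the attached patch. It uses a constructed fault-injection allocator (fi_calloc/fi_free, my names) that fails the N-th allocation on request and counts live blocks, so the leaky shape from the report and a fixed shape that mirrors the earlier fragment in the same report (re_free on both pointers before returning REG_ESPACE) can be compared directly. bitset_t and charset_t are simplified stand-ins for the real glibc types.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed fault-injection allocator (added here; not glibc's own).
   The allocation whose 1-based ordinal equals fail_at returns NULL;
   fail_at == 0 means every allocation succeeds. live_allocs counts
   blocks handed out and not yet freed, so a non-zero value after an
   error return is a leak. */
static int alloc_count;
static int fail_at;
static int live_allocs;

static void *fi_calloc(size_t nmemb, size_t size)
{
    alloc_count++;
    if (fail_at != 0 && alloc_count == fail_at)
        return NULL;
    void *p = calloc(nmemb, size);
    if (p != NULL)
        live_allocs++;
    return p;
}

/* Like free()/re_free(): NULL is a no-op, which is what lets the fixed
   error path release both pointers without testing each one. */
static void fi_free(void *p)
{
    if (p != NULL) {
        live_allocs--;
        free(p);
    }
}

static void fi_reset(int fail_ordinal)
{
    alloc_count = 0;
    fail_at = fail_ordinal;
    live_allocs = 0;
}

/* Simplified stand-ins for the two objects build_charclass_op allocates. */
typedef struct { unsigned char bits[256 / 8]; } bitset_t;
typedef struct { int nchar_classes; int non_match; } charset_t;

enum { ERR_OK = 0, ERR_ESPACE = 1 };

/* Same shape as the reported function: two callocs, one combined NULL
   check, and an error return that frees nothing. If exactly one calloc
   fails, the other block is lost. */
static int build_leaky(bitset_t **sbcset_out, charset_t **mbcset_out)
{
    bitset_t *sbcset = fi_calloc(1, sizeof *sbcset);
    charset_t *mbcset = fi_calloc(1, sizeof *mbcset);
    if (sbcset == NULL || mbcset == NULL)
        return ERR_ESPACE;          /* BUG: the surviving block leaks */
    *sbcset_out = sbcset;
    *mbcset_out = mbcset;
    return ERR_OK;
}

/* Same allocations; the error path frees both pointers unconditionally,
   as the earlier fragment in the report does with re_free. */
static int build_fixed(bitset_t **sbcset_out, charset_t **mbcset_out)
{
    bitset_t *sbcset = fi_calloc(1, sizeof *sbcset);
    charset_t *mbcset = fi_calloc(1, sizeof *mbcset);
    if (sbcset == NULL || mbcset == NULL) {
        fi_free(sbcset);
        fi_free(mbcset);
        return ERR_ESPACE;
    }
    *sbcset_out = sbcset;
    *mbcset_out = mbcset;
    return ERR_OK;
}

typedef int (*builder_fn)(bitset_t **, charset_t **);

/* Runs a builder with the fail_ordinal-th allocation forced to fail and
   returns how many blocks are still live afterwards (0 = no leak). On
   success the caller owns both blocks, so they are freed here. */
static int leaked_after_failure(builder_fn build, int fail_ordinal)
{
    bitset_t *s = NULL;
    charset_t *m = NULL;
    fi_reset(fail_ordinal);
    if (build(&s, &m) == ERR_OK) {
        fi_free(s);
        fi_free(m);
    }
    return live_allocs;
}

int main(void)
{
    printf("leaky: %d leaked when sbcset fails, %d when mbcset fails\n",
           leaked_after_failure(build_leaky, 1),
           leaked_after_failure(build_leaky, 2));
    printf("fixed: %d leaked when sbcset fails, %d when mbcset fails\n",
           leaked_after_failure(build_fixed, 1),
           leaked_after_failure(build_fixed, 2));
    return 0;
}
```

Forcing the first allocation to fail reproduces the case the report names (sbcset NULL, mbcset leaked); forcing the second shows the mirror case (mbcset NULL, sbcset leaked), which the same fix covers. Running the real code under a leak checker needs an allocator that can fail on demand, which is why the example carries its own; with glibc itself, a malloc interposer or ASan's allocator_may_return_null plus a memory limit serves the same purpose.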
