[PATCH] memory leak in _reclaim_reent

Corinna Vinschen vinschen@redhat.com
Mon Jun 24 09:36:00 GMT 2013

On Jun 23 23:05, Federico Terraneo wrote:
> Hash: SHA1
> While looking at the reentrancy code I've found three variables that
> are surely malloc'd, but are not freed in _reclaim_reent(). Of these,
> two variables, _misc and _signal_buf, cause a leak only if
> _REENT_SMALL is defined. The third one, _sig_func seems to always
> cause a leak.
> The patch for this is simple and is attached, but I have a doubt about
> it regarding _sig_func (the table of function pointers to signal
> handlers): what if a signal is raised during _reclaim_reent()? Without
> this patch, _sig_func is not freed so memory is leaked but the table
> remains valid. With this patch no memory is leaked but a signal after
> the free may be a problem.

As far as I can see, destructing _sig_func needs synchronization.  If
you free it, a _signal_r call could come in and access the free'd memory.
If it already has been set to NULL, _signal_r calls _init_signal_r and
reallocates it.  So we either skip this problem for now, or you have
to make sure that nobody accesses _sig_func during destruction.


Corinna Vinschen
Cygwin Maintainer
Red Hat

More information about the Newlib mailing list