From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
To: Shen Feng <shen@cn.fujitsu.com>
Cc: linux-ext4@vger.kernel.org, Mingming Cao <cmm@us.ibm.com>
Subject: Re: [PATCH] ext4: fix memory leak in ext4_ext_insert_extent
Date: Thu, 19 Jun 2008 21:38:51 +0530 [thread overview]
Message-ID: <20080619160851.GA7874@skywalker> (raw)
In-Reply-To: <485A10B3.4020105@cn.fujitsu.com>
On Thu, Jun 19, 2008 at 03:54:27PM +0800, Shen Feng wrote:
>
> In ext4_ext_insert_extent, when path is assigned by
> npath, there is a memory leak and then path points to
> a freed memory after the function returns becasue
> npath and path point to the same memory address
> and npath is freed.
NACK. The refs are dropped and path freed in the caller.
For example look at ext4_ext_get_blocks we drop the path reference
at
2741 out2:
2742 if (path) {
2743 ext4_ext_drop_refs(path);
2744 kfree(path);
2745 }
in ext4_ext_insert_extent we use npath as a local variable
and is freed toward the end.
>
> Signed-off-by: Shen Feng <shen@cn.fujitsu.com>
> ---
> fs/ext4/extents.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
> index 3f6be32..71a56f1 100644
> --- a/fs/ext4/extents.c
> +++ b/fs/ext4/extents.c
> @@ -1497,6 +1497,8 @@ repeat:
> if (le16_to_cpu(eh->eh_entries) < le16_to_cpu(eh->eh_max)) {
> ext_debug("next leaf isnt full(%d)\n",
> le16_to_cpu(eh->eh_entries));
> + ext4_ext_drop_refs(path);
> + kfree(path);
> path = npath;
> goto repeat;
> }
> @@ -1578,7 +1580,7 @@ merge:
> err = ext4_ext_dirty(handle, inode, path + depth);
>
> cleanup:
> - if (npath) {
> + if (npath && npath != path) {
> ext4_ext_drop_refs(npath);
> kfree(npath);
> }
> --
> 1.5.5.1
prev parent reply other threads:[~2008-06-19 16:09 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-19 7:54 [PATCH] ext4: fix memory leak in ext4_ext_insert_extent Shen Feng
2008-06-19 16:08 ` Aneesh Kumar K.V [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080619160851.GA7874@skywalker \
--to=aneesh.kumar@linux.vnet.ibm.com \
--cc=cmm@us.ibm.com \
--cc=linux-ext4@vger.kernel.org \
--cc=shen@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.