From: Lasse Collin <lasse.collin@tukaani.org>
To: Andrew Morton <akpm@linux-foundation.org>,
Vishnu Sanal T <t.v.s10123@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fix: possible memory leak in unxz()
Date: Tue, 8 Oct 2024 17:40:13 +0300 [thread overview]
Message-ID: <20241008174013.7b957a99@kaneli> (raw)
In-Reply-To: <20241007185045.00d57782b2f446acc7a78215@linux-foundation.org>
In short, I dont want this patch to be merged, especially with its
current misleading commit message.
On 2024-10-07 Andrew Morton wrote:
> must_free_in needn't exist - `in' is always non-NULL here.
No, must_free_in is needed. The API (defined in
include/linux/decompress/generic.h) packs three different functions
into a single function:
1. Buffer to buffer (from "in"/"inbuf" to "out"/"outbuf")
2. Buffer ("in"/"inbuf") to callback function (flush)
3. Callback function (fill) to callback function (flush)
The callback functions need input and output buffers. For "flush", the
buffer always has to be allocated.
But, for some reason, generic.h says that "fill" can use the input
buffer provided by the caller when it's non-NULL. Thus, unxz()
allocates "in" conditionally and must_free_in is needed to avoid
freeing "in" when unxz() didn't allocate it.
I don't know if anything actually uses this subvariant where fill !=
NULL && in != NULL. Several other lib/decompress_*.c files support it
too although unlzo and unlz4 don't. So perhaps the feature is an
unneeded complication. Getting rid of this feature could make the code
less confusing. It would also allow making the "in" pointer
const-correct for buffer-to-{buffer,callback} cases.
> And free(NULL) is OK anwyay.
No, it's not. The free() implementation in
include/linux/decompress/mm.h doesn't check for NULL; each free() just
decrements the allocation counter. Thus free(NULL) would desync it.
As I wrote two days ago[1], this patch doesn't fix a memory leak or any
other bugs, and thus the commit message is incorrect. Still, I wasn't
really against the patch two days ago but I am now. I see the code
being misunderstood, and I feel this patch doesn't make it more
understandable.
[1] https://lore.kernel.org/lkml/20241006211720.5d7199b0@kaneli/
--
Lasse Collin
prev parent reply other threads:[~2024-10-08 14:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-06 7:25 [PATCH] fix: possible memory leak in unxz() Vishnu Sanal T
2024-10-06 18:17 ` Lasse Collin
2024-10-08 1:50 ` Andrew Morton
2024-10-08 14:40 ` Lasse Collin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241008174013.7b957a99@kaneli \
--to=lasse.collin@tukaani.org \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=t.v.s10123@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.