From: Szymon Janc <szymon.janc@tieto.com>
To: Gowtham Anandha Babu <gowtham.ab@samsung.com>
Cc: linux-bluetooth@vger.kernel.org, d.kasatkin@samsung.com,
bharat.panda@samsung.com, cpgs@samsung.com
Subject: Re: [PATCH] obexd/src/main: Fix memory leak on obex server
Date: Wed, 01 Oct 2014 08:58:19 +0200 [thread overview]
Message-ID: <2277430.L2Jfa8OnXe@uw000953> (raw)
In-Reply-To: <1412145103-4824-1-git-send-email-gowtham.ab@samsung.com>
Hi Gowtham,
On Wednesday 01 of October 2014 12:01:43 Gowtham Anandha Babu wrote:
> Freeing the variables at appropriate place.
> ---
> obexd/src/main.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/obexd/src/main.c b/obexd/src/main.c
> index 80645f8..7a1ab98 100644
> --- a/obexd/src/main.c
> +++ b/obexd/src/main.c
> @@ -293,8 +293,9 @@ int main(int argc, char *argv[])
> char *old_root = option_root, *home = getenv("HOME");
> if (home) {
> option_root = g_strdup_printf("%s/%s", home, old_root);
> - g_free(old_root);
> + g_free(home);
> }
> + g_free(old_root);
> }
>
> if (option_capability == NULL)
>
This patch is incorrect in multiple ways:
- freeing old_root without altering option_root would result in use-after-free
few lines later in root_folder_setup() or (if program didn't crash already)
double free on exit.
- freeing home pointer would result in crash or undefined behavior:
from getenv manual: "As typically implemented, getenv() returns a pointer to
a string within the environment list. The caller must take care not to
modify this string, since that would change the environment of the process.
...The string pointed to by the return value of getenv() may be statically
allocated,"
But I agree that original code is a bit confusing. Maybe something like this
would make it more readable?
--- a/obexd/src/main.c
+++ b/obexd/src/main.c
@@ -290,8 +290,9 @@ int main(int argc, char *argv[])
}
if (option_root[0] != '/') {
- char *old_root = option_root, *home = getenv("HOME");
+ const char *home = getenv("HOME");
if (home) {
+ char *old_root = option_root;
option_root = g_strdup_printf("%s/%s", home, old_root);
g_free(old_root);
}
--
Best regards,
Szymon Janc
next prev parent reply other threads:[~2014-10-01 6:58 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-01 6:31 [PATCH] obexd/src/main: Fix memory leak on obex server Gowtham Anandha Babu
2014-10-01 6:58 ` Szymon Janc [this message]
2014-10-01 8:51 ` Gowtham Anandha Babu
2014-10-01 9:00 ` Szymon Janc
2014-10-01 10:54 ` Gowtham Anandha Babu
2014-10-01 13:22 ` Szymon Janc
2014-10-01 13:46 ` Gowtham Anandha Babu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2277430.L2Jfa8OnXe@uw000953 \
--to=szymon.janc@tieto.com \
--cc=bharat.panda@samsung.com \
--cc=cpgs@samsung.com \
--cc=d.kasatkin@samsung.com \
--cc=gowtham.ab@samsung.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).