linux-ext4.vger.kernel.org archive mirror
From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: tytso@mit.edu, darrick.wong@oracle.com
Cc: linux-ext4@vger.kernel.org
Subject: [PATCH 19/49] libext2fs: fix memory leak when drastically shrinking extent tree depth
Date: Mon, 10 Mar 2014 23:55:59 -0700
Message-ID: <20140311065559.30585.1536.stgit@birch.djwong.org>
In-Reply-To: <20140311065356.30585.47192.stgit@birch.djwong.org>

In ext2fs_extent_free(), h(andle)->max_depth is used as a loop
conditional variable to free all the h->path[].buf pointers.  However,
ext2fs_extent_delete() sets max_depth = 0 if we've removed everything
from the extent tree, which causes a subsequent _free() to leak some
buf pointers.  max_depth can be re-incremented when splitting extent
nodes, but there's no guarantee that it'll reach the old value before
the free.

Therefore, remember the size of h->paths[] separately, and use that
when freeing the extent handle.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
 lib/ext2fs/extent.c |   23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)


diff --git a/lib/ext2fs/extent.c b/lib/ext2fs/extent.c
index 3ccae66..f27344e 100644
--- a/lib/ext2fs/extent.c
+++ b/lib/ext2fs/extent.c
@@ -58,6 +58,7 @@ struct ext2_extent_handle {
 	int			type;
 	int			level;
 	int			max_depth;
+	int			max_paths;
 	struct extent_path	*path;
 };
 
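Review bot: the new max_paths field in struct ext2_extent_handle sits next to max_depth with no comment, and the two are easy to confuse. Suggest documenting in the struct that max_paths is the number of entries allocated in path[] (set at open and incremented on a root split in this patch), while max_depth is the current tree depth and can be reset to 0 by ext2fs_extent_delete(), so that later changes do not go back to sizing or freeing path[] from max_depth.
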
@@ -168,7 +169,7 @@ void ext2fs_extent_free(ext2_extent_handle_t handle)
 		return;
 
 	if (handle->path) {
-		for (i=1; i <= handle->max_depth; i++) {
+		for (i = 1; i < handle->max_paths; i++) {
 			if (handle->path[i].buf)
 				ext2fs_free_mem(&handle->path[i].buf);
 		}
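Review bot: the loop in ext2fs_extent_free() still starts at i = 1 without saying why, and with the bound now max_paths instead of max_depth it also walks slots above the current depth. A short comment above the for would help: slot 0 is skipped because path[0].buf points at the inode's i_block (assigned in ext2fs_extent_open2()) and was not allocated separately, and the "if (handle->path[i].buf)" test depends on never-used slots having been zero-filled by ext2fs_get_memzero().
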
@@ -242,11 +243,10 @@ errcode_t ext2fs_extent_open2(ext2_filsys fs, ext2_ino_t ino,
 	handle->max_depth = ext2fs_le16_to_cpu(eh->eh_depth);
 	handle->type = ext2fs_le16_to_cpu(eh->eh_magic);
 
-	retval = ext2fs_get_mem(((handle->max_depth+1) *
-				 sizeof(struct extent_path)),
-				&handle->path);
-	memset(handle->path, 0,
-	       (handle->max_depth+1) * sizeof(struct extent_path));
+	handle->max_paths = handle->max_depth + 1;
+	retval = ext2fs_get_memzero(handle->max_paths *
+				    sizeof(struct extent_path),
+				    &handle->path);
 	handle->path[0].buf = (char *) handle->inode->i_block;
 
 	handle->path[0].left = handle->path[0].entries =
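Review bot: retval from ext2fs_get_memzero() in ext2fs_extent_open2() is not checked before "handle->path[0].buf = ..." on the very next line, so a failed allocation is dereferenced instead of reported. The size is derived from eh->eh_depth as read from the inode, so the request is not under the caller's control. Since this hunk already rewrites the allocation, suggest adding an "if (retval)" check that leaves through the function's existing error path before path[0] is touched.
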
@@ -912,13 +912,11 @@ errcode_t ext2fs_extent_node_split(ext2_extent_handle_t handle)
 	if (handle->level == 0) {
 		new_root = 1;
 		tocopy = ext2fs_le16_to_cpu(eh->eh_entries);
-		retval = ext2fs_get_mem(((handle->max_depth+2) *
-					 sizeof(struct extent_path)),
-					&newpath);
+		retval = ext2fs_get_memzero((handle->max_paths + 1) *
+					    sizeof(struct extent_path),
+					    &newpath);
 		if (retval)
 			goto done;
-		memset(newpath, 0,
-		       ((handle->max_depth+2) * sizeof(struct extent_path)));
 	} else {
 		tocopy = ext2fs_le16_to_cpu(eh->eh_entries) / 2;
 	}
@@ -996,13 +994,14 @@ errcode_t ext2fs_extent_node_split(ext2_extent_handle_t handle)
 	/* current path now has fewer active entries, we copied some out */
 	if (handle->level == 0) {
 		memcpy(newpath, path,
-		       sizeof(struct extent_path) * (handle->max_depth+1));
+		       sizeof(struct extent_path) * handle->max_paths);
 		handle->path = newpath;
 		newpath = path;
 		path = handle->path;
 		path->entries = 1;
 		path->left = path->max_entries - 1;
 		handle->max_depth++;
+		handle->max_paths++;
 		eh->eh_depth = ext2fs_cpu_to_le16(handle->max_depth);
 	} else {
 		path->entries -= tocopy;
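Review bot: the memcpy() in the level == 0 branch now copies max_paths entries, which after the max_depth = 0 reset described in the commit message includes slots above the current depth, and nothing here says so. Suggest a comment that those extra slots are carried over only so ext2fs_extent_free() can release their buf pointers, and that max_depth++ and max_paths++ must stay paired with the (max_paths + 1) allocation earlier in ext2fs_extent_node_split(); otherwise a later edit that "simplifies" the copy back to max_depth + 1 would reintroduce the leak.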

