From: Eric Sandeen <sandeen@sandeen.net>
To: Li Zhong <zhong@linux.vnet.ibm.com>
Cc: Chandra Seetharaman <sekharan@us.ibm.com>,
Mark Tinguely <tinguely@sgi.com>, xfsprogs <xfs@oss.sgi.com>
Subject: Re: [PATCH v3 1/2] xfsprogs: fix potential memory leak in verify_set_primary_sb()
Date: Thu, 26 Sep 2013 09:31:25 -0500 [thread overview]
Message-ID: <5244453D.6010605@sandeen.net> (raw)
In-Reply-To: <1380177932.2983.11.camel@ThinkPad-T5421>
On 9/26/13 1:45 AM, Li Zhong wrote:
> If verify_set_primary_sb() completes the secondary sb scanning loop with
> too few valid secondaries found (num_ok < num_sbs / 2), it will immediately
> return without freeing any of the previously allocated memory (variables
> sb, checked, and any items on the geo list). This was reported by
> the Coverity scanner as CID 997012, 997013 and 997014.
>
> Fix this by using the out_free_list: goto target for this error case.
>
> Earlier, if get_sb() fails in the secondary scan loop, it goes to
> the out: target which does not free any items on the geo list. Fix
> this by using the out_free_list: target as well, and remove the now-unused
> out: target.
>
> Signed-off-by: Li Zhong <zhong@linux.vnet.ibm.com>
> ---
> v2: as Mark pointed out, out in the for loop before also needs list to
> be freed. Also remove out lable as it is not referenced any more.
> v3: use a meaningful changlog from Eric, and hide the patch changlogs below "---".
Thanks for that; you can add my:
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
alongside Mark's.
> repair/sb.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/repair/sb.c b/repair/sb.c
> index aa550e3..d34d7a2 100644
> --- a/repair/sb.c
> +++ b/repair/sb.c
> @@ -733,7 +733,7 @@ verify_set_primary_sb(xfs_sb_t *rsb,
>
> if (get_sb(sb, off, size, agno) == XR_EOF) {
> retval = 1;
> - goto out;
> + goto out_free_list;
> }
>
> if (verify_sb(sb, 0) == XR_OK) {
> @@ -756,8 +756,10 @@ verify_set_primary_sb(xfs_sb_t *rsb,
> /*
> * see if we have enough superblocks to bother with
> */
> - if (num_ok < num_sbs / 2)
> - return(XR_INSUFF_SEC_SB);
> + if (num_ok < num_sbs / 2) {
> + retval = XR_INSUFF_SEC_SB;
> + goto out_free_list;
> + }
>
> current = get_best_geo(list);
>
> @@ -841,7 +843,6 @@ verify_set_primary_sb(xfs_sb_t *rsb,
>
> out_free_list:
> free_geo(list);
> -out:
> free(sb);
> free(checked);
> return(retval);
>
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2013-09-26 14:31 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-22 6:01 [PATCH] xfsprogs: fix potential memory leak in verify_set_primary_sb() Li Zhong
2013-09-24 18:59 ` Mark Tinguely
2013-09-25 7:32 ` [PATCH v2] " Li Zhong
2013-09-25 13:26 ` Mark Tinguely
2013-09-25 14:28 ` Eric Sandeen
2013-09-26 6:41 ` Li Zhong
2013-09-26 6:45 ` [PATCH v3 1/2] " Li Zhong
2013-09-26 6:48 ` [PATCH 2/2] xfsprogs: fix return value of verify_set_primary_sb() Li Zhong
2013-09-26 14:43 ` Eric Sandeen
2013-10-18 16:42 ` Rich Johnston
2013-09-26 14:31 ` Eric Sandeen [this message]
2013-09-27 3:05 ` [PATCH v3 1/2] xfsprogs: fix potential memory leak in verify_set_primary_sb() Li Zhong
2013-09-27 3:24 ` Eric Sandeen
2013-09-27 5:24 ` Li Zhong
2013-10-18 16:40 ` Rich Johnston
2013-09-25 7:34 ` [PATCH] " Li Zhong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5244453D.6010605@sandeen.net \
--to=sandeen@sandeen.net \
--cc=sekharan@us.ibm.com \
--cc=tinguely@sgi.com \
--cc=xfs@oss.sgi.com \
--cc=zhong@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox