Re: [CHECKER] 32 Memory Leaks on Error Paths

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Wade <neroz@ii.net>
To: David Yu Chen <dychen@stanford.edu>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [CHECKER] 32 Memory Leaks on Error Paths
Date: Tue, 16 Sep 2003 16:45:42 +0800	[thread overview]
Message-ID: <3F66CDB6.7000601@ii.net> (raw)
In-Reply-To: <200309160435.h8G4ZkQM009953@elaine4.Stanford.EDU>

[-- Attachment #1: Type: text/plain, Size: 1669 bytes --]

David Yu Chen wrote:
> Hi All,
> 
> I'm with the Stanford Meta-level Compilation research group, and I
> have a set of memory leaks on error paths for the 2.6.0-test5 kernel.
> (I also have error reports for 2.4.18 and a couple other kernels if
> anyone is interested).
> 
> There may be one or more "GOTO -->" markers showing the different
> paths of execution that can occur between where the memory is
> allocated and where the function returns.
> 
> My checker identifies error paths with a learning algorithm on
> features surrounding goto and return statements.  I'd greatly
> appreciate any comments or confirmation on these bugs.
> 
> Thanks!
> 
> ---
> David Yu Chen
> http://www.stanford.edu/~dychen/
[snip]
> 
> [FILE:  2.6.0-test5/drivers/char/vt_ioctl.c]
> [FUNC:  do_kdsk_ioctl]
> [LINES: 133-150]
> [VAR:   key_map]
>  128:
>  129:			if (keymap_count >= MAX_NR_OF_USER_KEYMAPS &&
>  130:			    !capable(CAP_SYS_RESOURCE))
>  131:				return -EPERM;
>  132:
> START -->
>  133:			key_map = (ushort *) kmalloc(sizeof(plain_map),
>  134:						     GFP_KERNEL);
>  135:			if (!key_map)
>  136:				return -ENOMEM;
>  137:			key_maps[s] = key_map;
>  138:			key_map[0] = U(K_ALLOCATED);
>         ... DELETED 6 lines ...
>  145:			break;	/* nothing to do */
>  146:		/*
>  147:		 * Attention Key.
>  148:		 */
>  149:		if (((ov == K_SAK) || (v == K_SAK)) && !capable(CAP_SYS_ADMIN))
> END -->
>  150:			return -EPERM;
>  151:		key_map[i] = U(v);
>  152:		if (!s && (KTYP(ov) == KT_SHIFT || KTYP(v) == KT_SHIFT))
>  153:			compute_shiftstate();
>  154:		break;
>  155:	}
> ---------------------------------------------------------
> 

Is the attached correct?



[-- Attachment #2: vt_ioctl_memleak.diff --]
[-- Type: text/plain, Size: 515 bytes --]

--- linux-2.6.0-test5.old/drivers/char/vt_ioctl.c	2003-08-23 07:57:57.000000000 +0800
+++ linux-2.6.0-test5.new/drivers/char/vt_ioctl.c	2003-09-16 16:17:00.000000000 +0800
@@ -146,8 +146,10 @@
 		/*
 		 * Attention Key.
 		 */
-		if (((ov == K_SAK) || (v == K_SAK)) && !capable(CAP_SYS_ADMIN))
+		if (((ov == K_SAK) || (v == K_SAK)) && !capable(CAP_SYS_ADMIN)) {
+			kfree(key_map);
 			return -EPERM;
+		}
 		key_map[i] = U(v);
 		if (!s && (KTYP(ov) == KT_SHIFT || KTYP(v) == KT_SHIFT))
 			compute_shiftstate();

next prev parent reply	other threads:[~2003-09-16  8:45 UTC|newest]

Thread overview: 45+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-09-16  4:35 [CHECKER] 32 Memory Leaks on Error Paths David Yu Chen
2003-09-16  6:40 ` Neil Brown
2003-09-16  6:55 ` Jörn Engel
2003-09-16  7:21   ` [PATCH] fix memleak in fs/jffs2/scan.c (was: re: [CHECKER] 32 Memory Leaks on Error Paths) Jörn Engel
2003-09-16  7:32   ` [CHECKER] 32 Memory Leaks on Error Paths Jörn Engel
2003-09-16  8:51   ` Jörn Engel
2003-09-16 14:52   ` Timothy Miller
2003-09-16 15:02     ` Wade
2003-09-16 15:04     ` Valdis.Kletnieks
2003-09-16 15:04     ` Nick Piggin
2003-09-16  8:45 ` Wade [this message]
2003-09-16  8:56   ` Jörn Engel
2003-09-16 12:10   ` Andries Brouwer
2003-09-16  9:07 ` Jörn Engel
2003-09-20  7:58   ` David S. Miller
2003-09-16  9:48 ` [PATCH] bttv-risc.c (was: Re: [CHECKER] 32 Memory Leaks on Error Paths) Wade
2003-09-16 10:18 ` [PATCH] fix memleak in emu10k1/midi.c " Wade
2003-09-16 12:03 ` [CHECKER] 32 Memory Leaks on Error Paths Andries Brouwer
2003-09-19 23:03 ` Chris Wright
2003-09-19 23:04 ` Chris Wright
2003-09-19 23:04 ` Chris Wright
2003-09-19 23:04 ` Chris Wright
2003-09-23 13:15   ` Stephen Smalley
2003-09-23 18:02     ` Chris Wright
2003-09-22 22:54 ` Chris Wright
2003-09-22 22:55 ` Chris Wright
2003-09-22 22:55 ` Chris Wright
2003-09-23 20:13 ` Chris Wright
2003-09-23 20:25   ` Greg KH
2003-09-23 21:38     ` Chris Wright
2003-09-23 22:14     ` Chris Wright
2003-09-24  0:17       ` Greg KH
2003-09-23 20:14 ` Chris Wright
2003-09-24  7:08   ` David Howells
2003-09-23 20:14 ` Chris Wright
2003-09-23 20:21   ` Jean Tourrilhes
2003-09-23 20:24     ` Chris Wright
2003-09-23 20:14 ` Chris Wright
2003-09-23 20:15 ` Chris Wright
     [not found] <20030923140503.N20572@osdlab.pdx.osdl.net>
2003-09-24  4:13 ` Pete Zaitcev
2003-09-24 12:49   ` Alan Cox
2003-09-24 16:38     ` Pete Zaitcev
2003-09-29 17:48   ` Marcelo Tosatti
2003-09-29 17:54     ` Pete Zaitcev
2003-11-06  0:58     ` Pete Zaitcev

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3F66CDB6.7000601@ii.net \
    --to=neroz@ii.net \
    --cc=dychen@stanford.edu \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox