From: Rich Felker <dalias@aerifal.cx>
To: Xiaoming Ni <nixiaoming@huawei.com>
Cc: musl@lists.openwall.com, liucheng32@huawei.com
Subject: Re: [musl] [PATCH] time/tz: Fix memory leak when do_tzset() is repeated
Date: Tue, 9 May 2023 10:54:55 -0400 [thread overview]
Message-ID: <20230509145455.GK4163@brightrain.aerifal.cx> (raw)
In-Reply-To: <20230509124424.56508-1-nixiaoming@huawei.com>
On Tue, May 09, 2023 at 08:44:24PM +0800, Xiaoming Ni wrote:
> When do_tzset() and setenv("TZ") are repeatedly called,
> "old_tz" is repeatedly applied for memory and is not released,
> triggering memory leakage.
>
> s = getenv("TZ");
> i = strlen(s);
> if (i >= old_tz_size) {
> old_tz = malloc(old_tz_size);// without free old value
> }
>
> add free(old_tz) to avoid memory leak.
>
> Signed-off-by: Xiaoming Ni <nixiaoming@huawei.com>
> ---
> src/time/__tz.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/src/time/__tz.c b/src/time/__tz.c
> index c34b3eb7..917740ea 100644
> --- a/src/time/__tz.c
> +++ b/src/time/__tz.c
> @@ -151,6 +151,7 @@ static void do_tzset()
> old_tz_size *= 2;
> if (i >= old_tz_size) old_tz_size = i+1;
> if (old_tz_size > PATH_MAX+2) old_tz_size = PATH_MAX+2;
> + if (old_tz != old_tz_buf) free(old_tz);
> old_tz = malloc(old_tz_size);
> }
> if (old_tz) memcpy(old_tz, s, i+1);
> --
> 2.27.0
The whole purpose of the code block you're modifying is to grow the
size of the buffer geometrically so that the total allocation is well
bounded (on the order of 2x PATH_MAX) regardless of how many times you
change the TZ or how long a TZ string is, so that it does not have to
be freed. On top of this, a normal program that's not doing anything
unsafe (modifying own environment is unsafe without constraints like
knowing you'll always be single-threaded) only allocates once.
In general, musl avoids having libc components depend on malloc, and
when that's inevitable, avoids having them depend on free unless the
interface contract requires it. This way, only programs that actually
use malloc need to link malloc.
Rich
prev parent reply other threads:[~2023-05-09 14:55 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-09 12:44 Xiaoming Ni
2023-05-09 14:54 ` Rich Felker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230509145455.GK4163@brightrain.aerifal.cx \
--to=dalias@aerifal.cx \
--cc=liucheng32@huawei.com \
--cc=musl@lists.openwall.com \
--cc=nixiaoming@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).