Re: [musl] Memory Leak - Markus Wichmann

mailing list of musl libc
 help / color / mirror / code / Atom feed

From: Markus Wichmann <nullplan@gmx.net>
To: musl@lists.openwall.com
Cc: Luca <groovysnail42@gmail.com>
Subject: Re: [musl] Memory Leak
Date: Wed, 17 Jul 2024 20:33:35 +0200	[thread overview]
Message-ID: <ZpgOf4zBSrnueTMT@voyager> (raw)
In-Reply-To: <CAND4rFaJyy4qEooADYHjFj3yF3wQaQ02GCX3u13_OJGOr1hu+w@mail.gmail.com>

Am Wed, Jul 17, 2024 at 06:54:59PM +0200 schrieb Luca:
> The variable `static char **oldenv` is passed to a free in line 29:
> `free(oldenv);`.
> The variable is a 2d pointer and therefore all contents within it should be
> freed.
> By freeing only oldenv all the lines of `__environ` are lost.
>
> Possible hotfix:
> ```
> for (int j = 0; oldenv[j]; ++j) free(oldenv[j]);
> free(oldenv);
> ```

No, that is invalid. You can only call free() on pointers that you own,
and that came from malloc(). The first property is not fulfilled in
putenv(). putenv() doesn't own any of the pointers given to it. It only
places them inside the environment.

And that's the end of that, really. Even those environment pointers
that were allocated are invalid to free() here because putenv() doesn't
own them. setenv() might, but that's what __env_rm_add() is for.

Also, many of the pointers in oldenv are shared with newenv. Freeing
them would leave dangling pointers in the environment list.

Ciao,
Markus

     prev parent reply	other threads:[~2024-07-17 18:34 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-07-17 16:54 Luca
2024-07-17 18:33 ` Markus Wichmann [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZpgOf4zBSrnueTMT@voyager \
    --to=nullplan@gmx.net \
    --cc=groovysnail42@gmail.com \
    --cc=musl@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).