Possible ztrdup memory leaks?

Possible ztrdup memory leaks?

[John T. Guthrie]

While going through the code in exec.c, I found the following at line 2876:

    nam = ztrdup(nam);

Correct me if I'm wrong, but would this cause a memory leak?  I found two other
places in the code where you have something of the form foo=ztrdup(foo): at
line 3408 of exec.c and line 330 of init.c.  Since ztrdup() uses zalloc(), I
wasn't certain if something special needed to be done to fix these leaks.
(The first and third of these potential leaks look intuitively easy to fix, but
I'm not certain if the second one is really a leak or not.)

John Guthrie
guthrie@counterexample.org

Re: Possible ztrdup memory leaks?

[Peter Stephenson]

"John T. Guthrie" wrote:
> 
> While going through the code in exec.c, I found the following at line 2876:
> 
>     nam = ztrdup(nam);
> 
> Correct me if I'm wrong, but would this cause a memory leak?

The answer turns out to be `no' for a slightly obscure reason:  you are
correct that the value returned by the function will not be freed, since
it goes straight into the list of command arguments which is always on
the heap.

However, the line in getoutputfile()
    zaddlinknode(jobtab[thisjob].filelist, nam);
adds the name to a list of files which will be freed when the complete
job is finished executing.  This only happens after the shell is sure
the command has finished with the filename added to the command
line, so it has to use malloc memory.

The interface for which functions return freeable memory and which
don't, and for the ones that don't, how long the memory will remain
valid, is horrific.  We could do with some more debugging information
or, failing that, a complete rewrite.

-- 
Peter Stephenson <pws@csr.com>                  Software Engineer
CSR Ltd., Science Park, Milton Road,
Cambridge, CB4 0WH, UK                          Tel: +44 (0)1223 692070


**********************************************************************
The information transmitted is intended only for the person or
entity to which it is addressed and may contain confidential 
and/or privileged material. 
Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by 
persons or entities other than the intended recipient is 
prohibited.  
If you received this in error, please contact the sender and 
delete the material from any computer.
**********************************************************************

Re: Possible ztrdup memory leaks?

[John T. Guthrie]

Peter Stephenson wrote:
> "John T. Guthrie" wrote:
> > 
> > While going through the code in exec.c, I found the following at line 2876:
> > 
> >     nam = ztrdup(nam);
> > 
> > Correct me if I'm wrong, but would this cause a memory leak?
> 
> The answer turns out to be `no' for a slightly obscure reason:  you are
> correct that the value returned by the function will not be freed, since
> it goes straight into the list of command arguments which is always on
> the heap.
> 
> However, the line in getoutputfile()
>     zaddlinknode(jobtab[thisjob].filelist, nam);
> adds the name to a list of files which will be freed when the complete
> job is finished executing.  This only happens after the shell is sure
> the command has finished with the filename added to the command
> line, so it has to use malloc memory.

I'm sorry if I'm still a little confused.  (Although I probably wasn't clear
either.)  In the line nam=ztrdup(nam), the value of nam gets overwritten by a
pointer to identical contents, but the old value of nam (that is, the value
that was used as input to ztrdup()) is now lost, and never gets freed.  I'm
still confused as to why this isn't a memory leak.  Although you did
answer another question that I had which was why the line nam=ztrdup(nam)
was necessary in the first place.

Thanks.

John Guthrie
guthrie@counterexample.org

Re: Possible ztrdup memory leaks?

[Peter Stephenson]

"John T. Guthrie" wrote:
> I'm sorry if I'm still a little confused.  (Although I probably wasn't clear
> either.)  In the line nam=ztrdup(nam), the value of nam gets overwritten by a
> pointer to identical contents, but the old value of nam (that is, the value
> that was used as input to ztrdup()) is now lost, and never gets freed.  I'm
> still confused as to why this isn't a memory leak.  Although you did
> answer another question that I had which was why the line nam=ztrdup(nam)
> was necessary in the first place.

If you look inside gettempname(), which is where `name' comes from,
the return value comes from

  ret = ((char *) _mktemp(dyncat(unmeta(s), "XXXXXX")));

(or the other functionally identical branch of the #if).
s is a raw parameter value or static string, so doesn't need freeing.
  (getsparam() and similar function just return the string or whatever
  in the parameter without copying, for efficiency.)
`dyncat' creates a concatenated string from heap memory, so doesn't
  need freeing.  (See mem.c for a description of heap memory.)
_mktemp simply uses the space already allocated, so the return value
  doesn't need freeing.

Lots of utility functions in this neck of the words work like this.  The
unusual thing about getoutputfile() is that it acquires non-freeable
memory, but needs freeable memory for the linked list of temporary
files, hences needs to ztrdup() the string it gets.

-- 
Peter Stephenson <pws@csr.com>                  Software Engineer
CSR Ltd., Science Park, Milton Road,
Cambridge, CB4 0WH, UK                          Tel: +44 (0)1223 692070


**********************************************************************
The information transmitted is intended only for the person or
entity to which it is addressed and may contain confidential 
and/or privileged material. 
Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by 
persons or entities other than the intended recipient is 
prohibited.  
If you received this in error, please contact the sender and 
delete the material from any computer.
**********************************************************************