From: Mikael Magnusson <mikachu@gmail.com>
To: Peter Stephenson <p.stephenson@samsung.com>
Cc: zsh workers <zsh-workers@zsh.org>
Subject: Re: PATCH 13/17: anon funcs: don't leak shf when ctrl-c in () {:} =(sleep 1)
Date: Tue, 6 Jan 2015 11:14:12 +0100 [thread overview]
Message-ID: <CAHYJk3R4h7pAwGFwn1sgOMO5Z3YNXgDeYMgXtF6tFB-o+D5vKQ@mail.gmail.com> (raw)
In-Reply-To: <20150106095449.081ed9a5@pwslap01u.europe.root.pri>
On Tue, Jan 6, 2015 at 10:54 AM, Peter Stephenson
<p.stephenson@samsung.com> wrote:
> On Tue, 6 Jan 2015 06:25:45 +0100
> Mikael Magnusson <mikachu@gmail.com> wrote:
>> Found by Coverity (Issue 439076).
>> ---
>> Src/exec.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/Src/exec.c b/Src/exec.c
>> index 6b93008..207e8c1 100644
>> --- a/Src/exec.c
>> +++ b/Src/exec.c
>> @@ -4461,6 +4461,8 @@ execfuncdef(Estate state, Eprog redir_prog)
>> if (htok && args) {
>> execsubst(args);
>> if (errflag) {
>> + zsfree(shf->filename);
>> + zfree(shf, sizeof(*shf));
>> state->pc = end;
>> return 1;
>> }
>
> Can't see how that can be wrong. Nothing else can take owernship of
> shf in the error case.
I think what I was unsure of in this one, but forgot to write, is if
freeeprog(shf->funcdef) should also be called here? It looks like for
!names, it's all allocated on the heap, but then the non-error path
does free it explicitly anyway (and it looked like freeeprog just
doesn't touch it if it was on the heap), is that just paranoia? And
likewise for shf->redir. And since we have all these heap vs malloc
checks already, why not use zhalloc for shf too? Although the code
might end up neater if we just always do the malloc + free regardless
since there's a bunch of almost-identical code for that stuff.
--
Mikael Magnusson
next prev parent reply other threads:[~2015-01-06 10:14 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-06 5:25 Some valgrind patches Mikael Magnusson
2015-01-06 5:25 ` PATCH 01/17: emulate: Handle aborting from mixed -L/-c correctly Mikael Magnusson
2015-01-06 5:25 ` PATCH 02/17: Don't crash when writing out history if HOST is unset Mikael Magnusson
2015-01-06 5:25 ` PATCH 03/17: computil: Check for NULL before passing to strlen Mikael Magnusson
2015-01-06 5:25 ` PATCH 04/17: zle: size_t is unsigned, use int instead Mikael Magnusson
2015-01-06 5:25 ` PATCH 05/17: compcore: Fix size argument to zfree Mikael Magnusson
2015-01-06 5:25 ` PATCH 06/17: compctl: Remove pointless check Mikael Magnusson
2015-01-06 7:53 ` Bart Schaefer
2015-01-06 9:18 ` Mikael Magnusson
2015-01-06 9:43 ` Kamil Dudka
2015-01-06 11:09 ` Mikael Magnusson
2015-01-06 11:29 ` Kamil Dudka
2015-01-06 16:19 ` Ray Andrews
2015-01-06 5:25 ` PATCH 07/17: compresult: Remove unneeded NULL check Mikael Magnusson
2015-01-06 5:25 ` PATCH 08/17: subst: remove dead code Mikael Magnusson
2015-01-06 5:25 ` PATCH 09/17: complist: Fix leak of string in clnicezputs Mikael Magnusson
2015-01-06 5:25 ` PATCH 10/17: whence: use dupstring to not leak memory Mikael Magnusson
2015-01-06 5:25 ` PATCH 11/17: hist: use zhtricat instead of tricat Mikael Magnusson
2015-01-06 5:25 ` PATCH 12/17: typeset: fix leak of oldval Mikael Magnusson
2015-01-06 9:52 ` Peter Stephenson
2015-01-06 5:25 ` PATCH 13/17: anon funcs: don't leak shf when ctrl-c in () {:} =(sleep 1) Mikael Magnusson
2015-01-06 9:54 ` Peter Stephenson
2015-01-06 10:14 ` Mikael Magnusson [this message]
2015-01-06 10:34 ` Peter Stephenson
2015-01-06 11:06 ` Mikael Magnusson
2015-01-06 11:18 ` Peter Stephenson
2015-01-06 11:24 ` Mikael Magnusson
2015-01-06 5:25 ` PATCH 14/17: getsubsargs: free ptr1 before returning Mikael Magnusson
2015-01-06 10:03 ` Peter Stephenson
2015-01-06 5:25 ` PATCH 15/17: Don't leak ifs stuff Mikael Magnusson
2015-01-06 10:14 ` Peter Stephenson
2015-01-06 5:25 ` PATCH 16/17: compctl: Comparing array with 0 does nothing, check contents (should it be dropped instead?) Mikael Magnusson
2015-01-06 10:20 ` Peter Stephenson
2015-01-06 16:23 ` Ray Andrews
2015-01-06 16:30 ` İsmail Dönmez
2015-01-06 5:25 ` PATCH 17/17: check widthp before deref (is this okay, or should it be *swidep = buf + *widthp ? *widthp : 0; or something) Mikael Magnusson
2015-01-06 7:49 ` Bart Schaefer
2015-01-06 11:28 ` Mikael Magnusson
2015-01-06 11:30 ` Some valgrind patches Mikael Magnusson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHYJk3R4h7pAwGFwn1sgOMO5Z3YNXgDeYMgXtF6tFB-o+D5vKQ@mail.gmail.com \
--to=mikachu@gmail.com \
--cc=p.stephenson@samsung.com \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).