Bug 485032

Summary: use delete[] to free memory allocated by new[]
Product: Fedora
Component: coolkey
Version: 11
Hardware: All
OS: Linux
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: high
Reporter: Kamil Dudka <kdudka>
Assignee: Jack Magne <jmagne>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: emaldona, jmagne, rrelyea, sbrabec
Fixed In Version: coolkey-1_1_0-11_fc12
Doc Type: Bug Fix
Clone Of: ---
555025 (view as bug list)
Bug Blocks: 473302, 501138
Last Closed: 2010-06-28 11:15:24 UTC

Attachments:
  easy fix (flags: none)
  fix for yet another occurrence (flags: none)

Description Kamil Dudka 2009-02-11 09:34:32 UTC
Created attachment 331542 [details]
easy fix

Description of problem:
undefined behavior of invalid delete

Version-Release number of selected component (if applicable):
coolkey-1.1.0-7.fc11

Actual results:
valgrind reports Mismatched free() / delete / delete []

Comment 1 Kamil Dudka 2009-02-11 10:59:48 UTC
Valgrind output with debug info:
==29696== Mismatched free() / delete / delete []
==29696==    at 0x40054AA: operator delete(void*) (vg_replace_malloc.c:342)
==29696==    by 0x418A097: SlotMemSegment::SlotMemSegment(char const*) (slot.cpp:1459)
==29696==    by 0x418CAF5: Slot::Slot(char const*, Log*, _CKYCardContext*) (slot.cpp:335)
==29696==    by 0x418D241: SlotList::updateSlotList() (slot.cpp:143)
==29696==    by 0x418D439: SlotList::SlotList(Log*) (slot.cpp:74)
==29696==    by 0x41827D7: C_Initialize (coolkey.cpp:239)
==29696==    by 0x403D5CF: secmod_ModuleInit (pk11load.c:164)
==29696==    by 0x403DB97: SECMOD_LoadPKCS11Module (pk11load.c:378)
==29696==    by 0x4050FDA: SECMOD_LoadModule (pk11pars.c:323)
==29696==    by 0x405116E: SECMOD_LoadModule (pk11pars.c:338)
==29696==    by 0x401DBF1: nss_Init (nssinit.c:536)
==29696==    by 0x401E1BC: NSS_Initialize (nssinit.c:653)
==29696==  Address 0x428df08 is 0 bytes inside a block of size 24 alloc'd
==29696==    at 0x4005E1E: operator new[](unsigned) (vg_replace_malloc.c:268)
==29696==    by 0x418A046: SlotMemSegment::SlotMemSegment(char const*) (slot.cpp:1452)
==29696==    by 0x418CAF5: Slot::Slot(char const*, Log*, _CKYCardContext*) (slot.cpp:335)
==29696==    by 0x418D241: SlotList::updateSlotList() (slot.cpp:143)
==29696==    by 0x418D439: SlotList::SlotList(Log*) (slot.cpp:74)
==29696==    by 0x41827D7: C_Initialize (coolkey.cpp:239)
==29696==    by 0x403D5CF: secmod_ModuleInit (pk11load.c:164)
==29696==    by 0x403DB97: SECMOD_LoadPKCS11Module (pk11load.c:378)
==29696==    by 0x4050FDA: SECMOD_LoadModule (pk11pars.c:323)
==29696==    by 0x405116E: SECMOD_LoadModule (pk11pars.c:338)
==29696==    by 0x401DBF1: nss_Init (nssinit.c:536)
==29696==    by 0x401E1BC: NSS_Initialize (nssinit.c:653)

Comment 2 Stanislav Brabec 2009-04-14 17:15:34 UTC
Created attachment 339527 [details]
fix for yet another occurrence

Patch for yet another occurrence of this error found by David Binderman:

https://bugzilla.novell.com/show_bug.cgi?id=443369

Comment 3 Kamil Dudka 2009-05-27 15:59:07 UTC
Raising priority to high. This typo-like bug has been breaking other packages for two years for nothing. It's easy to apply two one-line patches like these.

Comment 4 Bug Zapper 2009-06-09 11:16:12 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 5 Kamil Dudka 2009-08-22 18:40:12 UTC
proposing as F12Target

Comment 6 Elio Maldonado Batiz 2009-09-16 04:27:12 UTC
And it would be nice to have these CoolKey fixes in time for the upcoming NSS test day.

Comment 7 Jack Magne 2009-09-16 17:00:13 UTC
Sounds like a good idea.

Comment 8 Stanislav Brabec 2009-09-16 17:15:53 UTC
At least bug 245678, bug 246052, bug 250738, bug 356971 and bug 497758 also contain patches. It would be nice to apply all of them and make new bugfix release.

Comment 9 Jack Magne 2009-09-16 18:41:59 UTC
Bob:

I tried out the patches for this bug. They seem to work fine.


RCS file: /cvs/dirsec/coolkey/src/coolkey/slot.cpp,v
retrieving revision 1.11
diff -C 2 -r1.11 slot.cpp
*** src/coolkey/slot.cpp	19 Feb 2009 02:04:13 -0000	1.11
--- src/coolkey/slot.cpp	16 Sep 2009 18:38:17 -0000

***************
*** 1529,1533 ****
      sprintf(segName,SEGMENT_PREFIX"%s",readerName); 
      segment = SHMem::initSegment(segName, MAX_OBJECT_STORE_SIZE, needInit);
!     delete segName;
      if (!segment) {
  	// just run without shared memory
--- 1529,1533 ----
      sprintf(segName,SEGMENT_PREFIX"%s",readerName); 
      segment = SHMem::initSegment(segName, MAX_OBJECT_STORE_SIZE, needInit);
!     delete [] segName;
      if (!segment) {
  	// just run without shared memory
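
Review bot: the change from `delete segName` to `delete [] segName` at line 1531 is the right pairing for a buffer the valgrind trace in comment 1 shows coming from `operator new[]` at slot.cpp:1452, but the `sprintf(segName,SEGMENT_PREFIX"%s",readerName)` two lines above it remains unbounded. Whatever length was used to size that `new[]` should be passed to `snprintf` here so a reader name longer than the allocation cannot write past the end of `segName` before it is freed.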

RCS file: /cvs/dirsec/coolkey/src/coolkey/object.cpp,v
retrieving revision 1.3
diff -C 2 -r1.3 object.cpp
*** src/coolkey/object.cpp	14 Feb 2008 23:48:19 -0000	1.3
--- src/coolkey/object.cpp	16 Sep 2009 18:38:16 -0000
***************
*** 398,402 ****
      // clean up old one
      if (label) {
! 	delete label;
  	label = NULL;
      }
--- 398,402 ----
      // clean up old one
      if (label) {
! 	delete [] label;
  	label = NULL;
      }
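
Review bot: `delete [] label` at line 400 is only correct if every assignment to `label` allocates with `new[]`; the allocation site is outside this hunk, so confirm that before relying on it. As Bob Relyea notes in the following comment, the same object's destructor, ~PKCS11Object in object.h, still does `delete label` and `delete name`, so landing this hunk alone leaves the mismatch on the destruction path; both should go in the same commit. Since the `if (label) { delete [] label; label = NULL; }` sequence is repeated at each site, a single release helper (or a `unique_ptr<char[]>` member) would keep the new[]/delete[] pairing in one place.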

Comment 10 Bob Relyea 2009-09-16 21:02:33 UTC
r+ for this patch...

There is one other place that is still missing...
~PKCS11Object in object.h. Both the 'delete label' and 'delete name' should be
delete [] label; and delete [] name;

bob
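
As an added example, not coolkey's own code, the following C++ stand-in for PKCS11Object's label handling shows the two release paths the discussion above covers: the setter that the object.cpp hunk fixes and the destructor that Bob Relyea notes was still missed. ManualLabel keeps the hand-written new[]/delete[] pairing; SafeLabel lets std::unique_ptr<char[]> select delete[] on every path so the mismatch valgrind reported in comment 1 cannot be reintroduced site by site. Class and function names (ManualLabel, SafeLabel, copyBytes, runDemo) are hypothetical, and the release counter exists only so the behaviour can be checked.

```cpp
// Added example, not coolkey's own code: a stand-in for PKCS11Object's label
// handling (object.cpp setter and the object.h destructor discussed above).
// ManualLabel keeps the hand-written new[]/delete[] pairing the patch
// restores; SafeLabel lets std::unique_ptr<char[]> pick delete[] on every
// path, including the destructor. Class and function names are hypothetical.
#include <cstddef>
#include <cstring>
#include <memory>
#include <string>

// Counts array releases so the callers below can prove every buffer went
// back through delete[] exactly once.
static int g_arrayFrees = 0;

static void releaseArray(char *p) {
    if (p) {
        ++g_arrayFrees;
        delete[] p;                // matches the new[] in copyBytes
    }
}

// PKCS#11 attribute values are length-counted, not NUL-terminated, so the
// copy carries an explicit length instead of calling strlen.
static char *copyBytes(const char *src, size_t len) {
    char *dst = new char[len];
    std::memcpy(dst, src, len);
    return dst;
}

// Manual version: every release site must say delete[]. Missing one (as the
// destructor did) is exactly what valgrind reports as
// "Mismatched free() / delete / delete []".
class ManualLabel {
public:
    ManualLabel() : label(nullptr), labelLen(0) {}
    ~ManualLabel() { releaseArray(label); }   // the site comment 10 flagged
    ManualLabel(const ManualLabel &) = delete;
    ManualLabel &operator=(const ManualLabel &) = delete;

    void setLabel(const char *src, size_t len) {
        char *fresh = copyBytes(src, len);    // allocate before releasing
        releaseArray(label);                  // clean up old one
        label = fresh;
        labelLen = len;
    }
    std::string get() const {
        return label ? std::string(label, labelLen) : std::string();
    }

private:
    char *label;
    size_t labelLen;
};

// Deleter type used by SafeLabel: delete[] is chosen by the type system.
struct ArrayDeleter {
    void operator()(char *p) const { releaseArray(p); }
};

// RAII version: reset() and the implicit destructor both run ArrayDeleter,
// so there is no per-site discipline to get wrong.
class SafeLabel {
public:
    void setLabel(const char *src, size_t len) {
        label.reset(copyBytes(src, len));     // old buffer released by deleter
        labelLen = len;
    }
    std::string get() const {
        return label ? std::string(label.get(), labelLen) : std::string();
    }

private:
    std::unique_ptr<char[], ArrayDeleter> label;
    size_t labelLen = 0;
};

// Replace a label once and read it back through each implementation.
std::string manualRoundTrip(const char *src, size_t len) {
    ManualLabel m;
    m.setLabel("placeholder", 11);
    m.setLabel(src, len);
    return m.get();
}

std::string safeRoundTrip(const char *src, size_t len) {
    SafeLabel s;
    s.setLabel("placeholder", 11);
    s.setLabel(src, len);
    return s.get();
}

// Runs each implementation through one replacement and one destruction and
// returns how many array releases happened (two per object, four in total).
int runDemo() {
    g_arrayFrees = 0;
    manualRoundTrip("x", 1);
    safeRoundTrip("y", 1);
    return g_arrayFrees;
}
```

The point of the unique_ptr member is not brevity: it removes the question "does this release site say delete[]?" from every setter, reset and destructor of the class, which is the class of bug that had to be fixed in three separate places here.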

Comment 11 Jack Magne 2009-09-16 23:58:58 UTC
Checking in configure.in;
/cvs/dirsec/coolkey/configure.in,v  <--  configure.in
new revision: 1.15; previous revision: 1.14
done
Running syncmail...
Mailing relnotes...
...syncmail done.
Running syncmail...
Mailing cvsdirsec...
...syncmail done.
Checking in src/coolkey/object.cpp;
/cvs/dirsec/coolkey/src/coolkey/object.cpp,v  <--  object.cpp
new revision: 1.4; previous revision: 1.3
done
Checking in src/coolkey/object.h;
/cvs/dirsec/coolkey/src/coolkey/object.h,v  <--  object.h
new revision: 1.2; previous revision: 1.1
done
Checking in src/coolkey/slot.cpp;
/cvs/dirsec/coolkey/src/coolkey/slot.cpp,v  <--  slot.cpp
new revision: 1.12; previous revision: 1.11
done
Running syncmail...
Mailing relnotes...
...syncmail done.
Running syncmail...
Mailing cvsdirsec...
...syncmail done.

Comment 12 Bug Zapper 2010-04-27 12:56:11 UTC
This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 11 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 13 Bug Zapper 2010-06-28 11:15:24 UTC
Fedora 11 changed to end-of-life (EOL) status on 2010-06-25. Fedora 11 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 14 Stanislav Brabec 2010-06-28 17:04:04 UTC
Both issues are already fixed:

http://cvs.fedoraproject.org/viewvc/devel/coolkey/coolkey-simple-bugs.patch?revision=1.1&view=markup