Bug 229653 - [RHEL5] [patch] cid-15 Fix memory leak in libe2p (e2p_edit_feature)
Summary: [RHEL5] [patch] cid-15 Fix memory leak in libe2p (e2p_edit_feature)
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: e2fsprogs   
(Show other bugs)
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Eric Sandeen
QA Contact: Jay Turner
URL:
Whiteboard:
Keywords: Reopened
Depends On:
Blocks: 239354
TreeView+ depends on / blocked
 
Reported: 2007-02-22 15:11 UTC by Bryn M. Reeves
Modified: 2018-10-19 22:54 UTC (History)
2 users (show)

Fixed In Version: RHBA-2007-0571
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 17:14:24 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Correctly free temporary buffer on return from e2p_edit_feature (992 bytes, patch)
2007-02-22 15:11 UTC, Bryn M. Reeves
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2007:0571 normal SHIPPED_LIVE e2fsprogs bug fix update 2007-10-30 23:04:17 UTC

Description Bryn M. Reeves 2007-02-22 15:11:12 UTC
Description of problem:
Another small memory leak in e2fsprogs. This time affecting the e2p_edit_feature
routine.

A temporary buffer is allocated and never freed upon return.

Version-Release number of selected component (if applicable):
e2fsprogs-1.35-12.4.EL4

How reproducible:
100%

Steps to Reproduce:
1. Use an e2fsprogs command that will edit features, e.g. tune2fs -O^dir_index
2. Run the command under valgrind, e.g.:

$ valgrind --tool=memcheck --leak-check=yes ./tune2fs  -O^dir_index /tmp/img1 
==7264== Memcheck, a memory error detector.
==7264== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==7264== Using LibVEX rev 1575, a library for dynamic binary translation.
==7264== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==7264== Using valgrind-3.1.1, a dynamic binary instrumentation framework.
==7264== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==7264== For more details, rerun with: -v
==7264== 
tune2fs 1.35 (28-Feb-2004)
==7264== 
==7264== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 17 from 1)
==7264== malloc/free: in use at exit: 1,349 bytes in 54 blocks.
==7264== malloc/free: 100 allocs, 46 frees, 20,422 bytes allocated.
==7264== For counts of detected errors, rerun with: -v
==7264== searching for pointers to 54 not-freed blocks.
==7264== checked 79,476 bytes.
==7264== 
==7264== 11 bytes in 1 blocks are definitely lost in loss record 2 of 7
==7264==    at 0x4004405: malloc (vg_replace_malloc.c:149)
==7264==    by 0x255439: e2p_edit_feature (in /lib/libe2p.so.2.3)
==7264==    by 0x804A314: main (tune2fs.c:295)
==7264== 
==7264== 
==7264== 976 (32 direct, 944 indirect) bytes in 1 blocks are definitely lost in
loss record 3 of 7
==7264==    at 0x40056BF: calloc (vg_replace_malloc.c:279)
==7264==    by 0x25C8C6: blkid_get_cache (in /lib/libblkid.so.1.0)
==7264==    by 0x25F194: blkid_get_devname (in /lib/libblkid.so.1.0)
==7264==    by 0x8049487: parse_tune2fs_options (tune2fs.c:700)
==7264==    by 0x804A0FD: main (tune2fs.c:750)
==7264== 
==7264== LEAK SUMMARY:
==7264==    definitely lost: 43 bytes in 2 blocks.
==7264==    indirectly lost: 944 bytes in 50 blocks.
==7264==      possibly lost: 0 bytes in 0 blocks.
==7264==    still reachable: 362 bytes in 2 blocks.
==7264==         suppressed: 0 bytes in 0 blocks.
==7264== Reachable blocks (those to which a pointer was found) are not shown.
==7264== To see them, rerun with: --show-reachable=yes


  
Actual results:
==7264== 11 bytes in 1 blocks are definitely lost in loss record 2 of 7
==7264==    at 0x4004405: malloc (vg_replace_malloc.c:149)
==7264==    by 0x255439: e2p_edit_feature (in /lib/libe2p.so.2.3)
==7264==    by 0x804A314: main (tune2fs.c:295)
==7264== 

Expected results:
No leak reported from lib/e2p/feature.c

Additional info:

Comment 1 Bryn M. Reeves 2007-02-22 15:11:13 UTC
Created attachment 148572 [details]
Correctly free temporary buffer on return from e2p_edit_feature

Comment 3 Eric Sandeen 2007-05-30 03:30:36 UTC
upstream commit at http://thunk.org/hg/e2fsprogs/?rev/c80153bb3122

Comment 4 Eric Sandeen 2007-05-30 17:50:32 UTC
these 2 bugs contain the same patch.

*** This bug has been marked as a duplicate of 228889 ***

Comment 5 Bryn M. Reeves 2007-05-30 18:18:24 UTC
Actually, this should be against RHEL5 e2fsprogs - it has the same problem.


Comment 6 Benjamin Kahn 2007-06-08 14:40:55 UTC
Applying a DEV_ACK for Eric Sandeen <sandeen@redhat.com>.  This bug
    was found by coverity and has a patch available.

Comment 7 Eric Sandeen 2007-06-21 20:45:56 UTC
move to rhel5 tracker, fix summary... need to get a  couple other acks now.

Comment 9 Eric Sandeen 2007-06-22 20:32:36 UTC
Changes committed to e2fsprogs-1.39-9.el5

Comment 14 errata-xmlrpc 2007-11-07 17:14:24 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0571.html



Note You need to log in before you can comment on or make changes to this bug.