[Bug libc/19039] New: argp leaks memory when argp.options is a non-NULL array of zero length

[Bug libc/19039] New: argp leaks memory when argp.options is a non-NULL array of zero length

[kstauffer at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=19039

            Bug ID: 19039
           Summary: argp leaks memory when argp.options is a non-NULL
                    array of zero length
           Product: glibc
           Version: 2.24
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: kstauffer at gmail dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

Created attachment 8662
  --> https://sourceware.org/bugzilla/attachment.cgi?id=8662&action=edit
A simple parser with a non-NULL options array of length zero

Run the attached program under valgrind:

$ valgrind --leak-check=full --show-leak-kinds=all ./a --help
==23462== Memcheck, a memory error detector
==23462== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==23462== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==23462== Command: ./a --help
==23462== 
Usage: a [OPTION...]

  -?, --help                 Give this help list
      --usage                Give a short usage message
==23462== 
==23462== HEAP SUMMARY:
==23462==     in use at exit: 407 bytes in 3 blocks
==23462==   total heap usage: 10 allocs, 7 frees, 969 bytes allocated
==23462== 
==23462== 0 bytes in 1 blocks are definitely lost in loss record 1 of 3
==23462==    at 0x4C29E6F: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23462==    by 0x4F22CDD: argp_hol (in /usr/lib/libc-2.22.so)
==23462==    by 0x4F22E85: argp_hol (in /usr/lib/libc-2.22.so)
==23462==    by 0x4F241F0: _help (in /usr/lib/libc-2.22.so)
==23462==    by 0x4F24909: argp_state_help (in /usr/lib/libc-2.22.so)
==23462==    by 0x4F24B89: argp_default_parser (in /usr/lib/libc-2.22.so)
==23462==    by 0x4F259E6: argp_parse (in /usr/lib/libc-2.22.so)
==23462==    by 0x400568: main (a.c:8)
==23462== 
==23462== 1 bytes in 1 blocks are definitely lost in loss record 2 of 3
==23462==    at 0x4C29E6F: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23462==    by 0x4F22CEC: argp_hol (in /usr/lib/libc-2.22.so)
==23462==    by 0x4F22E85: argp_hol (in /usr/lib/libc-2.22.so)
==23462==    by 0x4F241F0: _help (in /usr/lib/libc-2.22.so)
==23462==    by 0x4F24909: argp_state_help (in /usr/lib/libc-2.22.so)
==23462==    by 0x4F24B89: argp_default_parser (in /usr/lib/libc-2.22.so)
==23462==    by 0x4F259E6: argp_parse (in /usr/lib/libc-2.22.so)
==23462==    by 0x400568: main (a.c:8)
==23462== 
==23462== 406 bytes in 1 blocks are still reachable in loss record 3 of 3
==23462==    at 0x4C29E6F: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23462==    by 0x4F2512F: argp_parse (in /usr/lib/libc-2.22.so)
==23462==    by 0x400568: main (a.c:8)
==23462== 
==23462== LEAK SUMMARY:
==23462==    definitely lost: 1 bytes in 2 blocks
==23462==    indirectly lost: 0 bytes in 0 blocks
==23462==      possibly lost: 0 bytes in 0 blocks
==23462==    still reachable: 406 bytes in 1 blocks
==23462==         suppressed: 0 bytes in 0 blocks
==23462== 
==23462== For counts of detected and suppressed errors, rerun with: -v
==23462== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/19039] argp leaks memory when argp.options is a non-NULL array of zero length

[kstauffer at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=19039

--- Comment #1 from Kenny Stauffer <kstauffer at gmail dot com> ---
The leaked memory is allocated here:

argp-help.c:make_hol
      hol->entries = malloc (sizeof (struct hol_entry) * hol->num_entries);
      hol->short_options = malloc (num_short_options + 1);

When argp.options points to an array of zero length, num_entries is 0.

The leak happens here:

argp-help.c:hol_free
  if (hol->num_entries > 0)
    {
      free (hol->entries);
      free (hol->short_options);
    }

Of the many ways to fix this, perhaps the easiest would be to change make_hol
from this:

opts = argp.options;
...
if (opts)

To this:

opts = argp.options;
...
if (opts && ! oend (opts))

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug libc/19039] argp leaks memory when argp.options is a non-NULL array of zero length

[kstauffer at gmail dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=19039

Kenny Stauffer <kstauffer at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kstauffer at gmail dot com

-- 
You are receiving this mail because:
You are on the CC list for the bug.