public inbox for glibc-cvs@sourceware.org help / color / mirror / Atom feed
From: Florian Weimer <fw@sourceware.org> To: glibc-cvs@sourceware.org Subject: [glibc] gconv: Check reference count in __gconv_release_cache [BZ #24677] Date: Thu, 25 Jul 2019 22:26:00 -0000 [thread overview] Message-ID: <20190725222607.107217.qmail@sourceware.org> (raw) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=50ce3eae5ba304650459d4441d7d246a7cefc26f commit 50ce3eae5ba304650459d4441d7d246a7cefc26f Author: Florian Weimer <fweimer@redhat.com> Date: Thu Jul 18 17:27:24 2019 +0200 gconv: Check reference count in __gconv_release_cache [BZ #24677] This fixes a regression introduced in commit 7e740ab2e7be7d83b75513aa406e0b10875f7f9c ("libio: Fix gconv-related memory leak [BZ #24583]"). __gconv_release_cache is only ever called with heap-allocated arrays which contain at least one member. The statically allocated ASCII steps are filtered out by __wcsmbs_close_conv. Diff: --- ChangeLog | 6 ++++++ iconv/gconv_cache.c | 9 ++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 31a6b38..dbdb85d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2019-07-25 Florian Weimer <fweimer@redhat.com> + + [BZ #24677] + * iconv/gconv_cache.c (__gconv_release_cache): Check reference + counter before freeing array. + 2019-07-24 H.J. Lu <hongjiu.lu@intel.com> [BZ #24603] diff --git a/iconv/gconv_cache.c b/iconv/gconv_cache.c index 9a456bf..4db7287 100644 --- a/iconv/gconv_cache.c +++ b/iconv/gconv_cache.c @@ -446,9 +446,12 @@ __gconv_lookup_cache (const char *toset, const char *fromset, void __gconv_release_cache (struct __gconv_step *steps, size_t nsteps) { - if (gconv_cache != NULL) - /* The only thing we have to deallocate is the record with the - steps. */ + /* The only thing we have to deallocate is the record with the + steps. But do not do this if the reference counter is still + positive. This can happen if the steps array was cloned by + __wcsmbs_clone_conv. (The array elements have separate __counter + fields, but they are only out of sync temporarily.) */ + if (gconv_cache != NULL && steps->__counter == 0) free (steps); }
reply other threads:[~2019-07-25 22:26 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190725222607.107217.qmail@sourceware.org \ --to=fw@sourceware.org \ --cc=glibc-cvs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).