From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 26236 invoked by alias); 3 Aug 2007 11:56:36 -0000 Received: (qmail 26219 invoked by uid 22791); 3 Aug 2007 11:56:35 -0000 X-Spam-Check-By: sourceware.org Received: from sunsite.ms.mff.cuni.cz (HELO sunsite.mff.cuni.cz) (195.113.15.26) by sourceware.org (qpsmtpd/0.31) with ESMTP; Fri, 03 Aug 2007 11:56:28 +0000 Received: from sunsite.mff.cuni.cz (localhost.localdomain [127.0.0.1]) by sunsite.mff.cuni.cz (8.13.8/8.13.8) with ESMTP id l73C1NsD031601; Fri, 3 Aug 2007 14:01:23 +0200 Received: (from jakub@localhost) by sunsite.mff.cuni.cz (8.13.8/8.13.8/Submit) id l73C1Nq7031600; Fri, 3 Aug 2007 14:01:23 +0200 Date: Fri, 03 Aug 2007 11:56:00 -0000 From: Jakub Jelinek To: Ulrich Drepper Cc: Glibc hackers Subject: [PATCH] Memory leak fixes for gettext Message-ID: <20070803120122.GE4603@sunsite.mff.cuni.cz> Reply-To: Jakub Jelinek Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.2i Mailing-List: contact libc-hacker-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-hacker-owner@sourceware.org X-SW-Source: 2007-08/txt/msg00003.txt.bz2 Hi! Although we store strduped encoding in convd->encoding, when we return NULL because __gconv_open failed, we haven't yet done domain->nconversions++ and therefore that string will be definitely leaked. While testing this I also discovered that _nl_find_domain can leak memory on failure and so can dl-load. The patch below fixes the two spots in intl and one in dl-load.c, though I'm afraid there are many other places in ld.so which can leak memory, as _dl_signal_*error is used pretty heavily. E.g. when /* It's a new directory. Create an entry and add it. */ dirp = (struct r_search_path_elem *) malloc (sizeof (*dirp) + ncapstr * sizeof (enum r_dir_status) + where_len + len + 1); if (dirp == NULL) _dl_signal_error (ENOMEM, NULL, NULL, N_("cannot create cache for search path")); in fillin_rpath calls _dl_signal_error, copy and result in decompose_rpath are leaked. 2007-08-03 Jakub Jelinek * intl/dcigettext.c (_nl_find_msg): Free encoding if __gconv_open failed. * intl/finddomain.c (_nl_find_domain): Free normalized_codeset on failure. * elf/dl-load.c (decompose_rpath): Free copy if result couldn't be allocated. --- libc/intl/dcigettext.c.jj 2007-07-29 11:45:13.000000000 +0200 +++ libc/intl/dcigettext.c 2007-08-03 13:27:24.000000000 +0200 @@ -949,7 +949,10 @@ _nl_find_msg (domain_file, domainbinding nothing to do. Otherwise do not use the translation at all. */ if (__builtin_expect (r != __GCONV_NULCONV, 1)) - return NULL; + { + free ((char *) encoding); + return NULL; + } convd->conv = (__gconv_t) -1; } --- libc/intl/finddomain.c.jj 2007-07-13 10:18:07.000000000 +0200 +++ libc/intl/finddomain.c 2007-08-03 13:32:27.000000000 +0200 @@ -143,7 +143,7 @@ _nl_find_domain (dirname, locale, domain if (retval == NULL) /* This means we are out of core. */ - return NULL; + goto out; if (retval->decided <= 0) _nl_load_domain (retval, domainbinding); @@ -159,6 +159,7 @@ _nl_find_domain (dirname, locale, domain } } +out: /* The space for normalized_codeset is dynamically allocated. Free it. */ if (mask & XPG_NORM_CODESET) free ((void *) normalized_codeset); --- libc/elf/dl-load.c.jj 2007-07-13 10:18:07.000000000 +0200 +++ libc/elf/dl-load.c 2007-08-03 13:39:18.000000000 +0200 @@ -578,6 +578,7 @@ decompose_rpath (struct r_search_path_st * sizeof (*result)); if (result == NULL) { + free (copy); errstring = N_("cannot create cache for search path"); signal_error: _dl_signal_error (ENOMEM, NULL, NULL, errstring); Jakub