From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-hacker-return-9717-listarch-libc-hacker=sources.redhat.com@sourceware.org>
Received: (qmail 7196 invoked by alias); 31 May 2011 11:35:04 -0000
Received: (qmail 7066 invoked by uid 22791); 31 May 2011 11:35:03 -0000
X-SWARE-Spam-Status: No, hits=-6.3 required=5.0
	tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,T_RP_MATCHES_RCVD
X-Spam-Check-By: sourceware.org
Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28)
    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 31 May 2011 11:34:47 +0000
Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p4VBYlDX028160
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <libc-hacker@sourceware.org>; Tue, 31 May 2011 07:34:47 -0400
Received: from hase (ovpn01.gateway.prod.ext.phx2.redhat.com [10.5.9.1])
	by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id p4VBYjEY002779
	for <libc-hacker@sourceware.org>; Tue, 31 May 2011 07:34:46 -0400
From: Andreas Schwab <schwab@redhat.com>
To: libc-hacker@sourceware.org
Subject: [PATCH] Don't free non-malloced memory and fix memory leak
X-Yow: Yow!  It's some people inside the wall!  This is better than mopping!
Date: Tue, 31 May 2011 11:35:00 -0000
Message-ID: <m34o4bhzmy.fsf@redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Mailing-List: contact libc-hacker-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-hacker.sourceware.org>
List-Subscribe: <mailto:libc-hacker-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-hacker/>
List-Post: <mailto:libc-hacker@sourceware.org>
List-Help: <mailto:libc-hacker-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: libc-hacker-owner@sourceware.org
X-SW-Source: 2011-05/txt/msg00016.txt.bz2

2011-05-31  Andreas Schwab  <schwab@redhat.com>

	* nscd/nscd_getserv_r.c (nscd_getserv_r): Don't free non-malloced
	memory.  Use alloca_account.  Fix memory leak when retrying.
---
 nscd/nscd_getserv_r.c |   16 ++++++++++++----
 1 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/nscd/nscd_getserv_r.c b/nscd/nscd_getserv_r.c
index de96a57..f9ef056 100644
--- a/nscd/nscd_getserv_r.c
+++ b/nscd/nscd_getserv_r.c
@@ -124,6 +124,7 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
 	  s_name = (char *) (&found->data[0].servdata + 1);
 	  serv_resp = found->data[0].servdata;
 	  s_proto = s_name + serv_resp.s_name_len;
+	  alloca_aliases_len = 1;
 	  aliases_len = (uint32_t *) (s_proto + serv_resp.s_proto_len);
 	  aliases_list = ((char *) aliases_len
 			  + serv_resp.s_aliases_cnt * sizeof (uint32_t));
@@ -154,7 +155,9 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
 				     + (serv_resp.s_aliases_cnt
 					* sizeof (uint32_t)));
 	      if (alloca_aliases_len)
-		tmp = __alloca (serv_resp.s_aliases_cnt * sizeof (uint32_t));
+		tmp = alloca_account (serv_resp.s_aliases_cnt
+				      * sizeof (uint32_t),
+				      alloca_used);
 	      else
 		{
 		  tmp = malloc (serv_resp.s_aliases_cnt * sizeof (uint32_t));
@@ -249,8 +252,9 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
 				     + (serv_resp.s_aliases_cnt
 					* sizeof (uint32_t)));
 	      if (alloca_aliases_len)
-		aliases_len = alloca (serv_resp.s_aliases_cnt
-				      * sizeof (uint32_t));
+		aliases_len = alloca_account (serv_resp.s_aliases_cnt
+					      * sizeof (uint32_t),
+					      alloca_used);
 	      else
 		{
 		  aliases_len = malloc (serv_resp.s_aliases_cnt
@@ -368,7 +372,11 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto,
 	}
 
       if (retval != -1)
-	goto retry;
+	{
+	  if (!alloca_aliases_len)
+	    free (aliases_len);
+	  goto retry;
+	}
     }
 
   if (!alloca_aliases_len)
-- 
1.7.4.4


-- 
Andreas Schwab, schwab@redhat.com
GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84  5EC7 45C6 250E 6F00 984E
"And now for something completely different."