From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <vmedvid@riseup.net>
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 by sourceware.org (Postfix) with ESMTPS id CDED73858D28
 for <newlib@sourceware.org>; Tue, 12 Apr 2022 13:23:28 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org CDED73858D28
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=riseup.net
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=riseup.net
Received: from fews1.riseup.net (fews1-pn.riseup.net [10.0.1.83])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "mail.riseup.net", Issuer "R3" (not verified))
 by mx1.riseup.net (Postfix) with ESMTPS id 4Kd5yR3TC0zDrDX;
 Tue, 12 Apr 2022 06:23:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1649769807; bh=ncYV3I4UvYQ3/nZWEEhWupdRN5rV3DS37tXEoRNuiUg=;
 h=From:To:Cc:Subject:Date:From;
 b=HjJw9wq96lacraVzUHxfUFgDok1y3OQYm80MuxyN/7qioSHkK9kWU6+MEztRIIY+3
 tJB4PpinZwjmwX1CKAVIVUa73yBMM+KLZZYxAPTDLhPif11o5PktwnD7MmyPcWu116
 oTF4qBSCEEqbbGGDMWUSbvZel99Vi897fX91ITv0=
X-Riseup-User-ID: A0EA6BDA5642C901292443881B9D5DF7D7F8B195D5A4E88DAA1222FAB1B710F0
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews1.riseup.net (Postfix) with ESMTPSA id 4Kd5yQ69jTz5vts;
 Tue, 12 Apr 2022 06:23:26 -0700 (PDT)
From: Volodymyr Medvid <vmedvid@riseup.net>
To: newlib@sourceware.org
Subject: [PATCH] Fix stdio memory leaks with _REENT_SMALL + _LITE_EXIT
Date: Tue, 12 Apr 2022 16:23:13 +0300
Message-Id: <20220412132313.39160-1-vmedvid@riseup.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-10.5 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_LOW,
 RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: newlib@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Newlib mailing list <newlib.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/newlib>,
 <mailto:newlib-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/newlib/>
List-Post: <mailto:newlib@sourceware.org>
List-Help: <mailto:newlib-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/newlib>,
 <mailto:newlib-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2022 13:23:30 -0000

When a thread calls stdio functions (say, printf) and then dies,
_reclaim_reent() runs cleanup_stdio() to free the file buffers
and descriptors created for this thread. This is causing multiple
memory leaks when newlib is configured with _REENT_SMALL
and _LITE_EXIT - this is the standard configuration for
newlib-nano provided with GNU Arm Embedded Toolchain.

1. While __sfp() allocates the FILE objects in GLOBAL_REENT glue chain,
   stdio_cleanup walks through the thread-specific glue chain
   to run the cleanup_func. Therefore, the FILE objects are never
   freed. This leaks ~428 bytes per thread (glue_with_file + 3 x FILE).

   To fix this, update __sfp() to use the per-thread glue chain for
   stdio descriptors.

2. With _LITE_EXIT enabled, _fflush_r is used as cleanup_func
   instead of _fclose_r - as a result, the I/O buffer memory allocated
   by __smakebuf_r is never freed - this leaks another 1024 bytes.
   To fix this, update cleanup_stdio to always use _fclose_r.

This is a follow-up patch for https://ecos.sourceware.org/ml/newlib/current/017697.html
---
 newlib/libc/stdio/findfp.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/newlib/libc/stdio/findfp.c b/newlib/libc/stdio/findfp.c
index 1370b63b8..2799980f3 100644
--- a/newlib/libc/stdio/findfp.c
+++ b/newlib/libc/stdio/findfp.c
@@ -153,7 +153,7 @@ __sfp (struct _reent *d)
 
   if (_GLOBAL_REENT->__cleanup == NULL)
     __sinit (_GLOBAL_REENT);
-  for (g = &_GLOBAL_REENT->__sglue;; g = g->_next)
+  for (g = &d->__sglue;; g = g->_next)
     {
       for (fp = g->_iobs, n = g->_niobs; --n >= 0; fp++)
 	if (fp->_flags == 0)
@@ -209,14 +209,9 @@ cleanup_stdio (struct _reent *ptr)
      the aforementioned systems. */
   cleanup_func = __sflushw_r;
 #else
-  /* Otherwise close files and flush read streams, too.
-     Note we call flush directly if "--enable-lite-exit" is in effect.  */
-#ifdef _LITE_EXIT
-  cleanup_func = _fflush_r;
-#else
+  /* Otherwise close files and flush read streams, too. */
   cleanup_func = _fclose_r;
 #endif
-#endif
 #ifdef _REENT_GLOBAL_STDIO_STREAMS
   if (ptr->_stdin != &__sf[0])
     (*cleanup_func) (ptr, ptr->_stdin);
-- 
2.25.1