possible memory leak in commands/nand.c?
Sascha Hauer
s.hauer at pengutronix.de
Mon Dec 21 03:45:59 EST 2009
On Sun, Dec 20, 2009 at 02:33:11PM -0500, Robert P. J. Day wrote:
>
> once again, perhaps i'm just misreading this but consider this code
> from commands/nand.c, noting the two early calls to asprintf():
>
> ===== begin =====
>
> 	bb = xzalloc(sizeof(*bb));
> 	bb->devname = asprintf("/dev/%s", basename(path));
> 	if (name)
> 		bb->cdev.name = strdup(name);
> 	else
> 		bb->cdev.name = asprintf("%s.bb", basename(path));
>
> 	ret = stat(bb->devname, &s);
> 	if (ret)
> 		goto free_out;
>
> 	bb->raw_size = s.st_size;
>
> 	bb->fd = open(bb->devname, O_RDWR);
> 	if (bb->fd < 0) {
> 		ret = -ENODEV;
> 		goto free_out;
> 	}
>
> 	ret = ioctl(bb->fd, MEMGETINFO, &bb->info);
> 	if (ret)
> 		goto free_out;
>
> 	nand_bb_calc_size(bb);
> 	bb->cdev.ops = &nand_bb_ops;
> 	bb->cdev.priv = bb;
>
> 	devfs_create(&bb->cdev);
>
> 	return 0;
>
> free_out:
> 	free(bb);
> 	return ret;
>
> ===== end =====
>
> if something in the latter part of that code fails and control jumps
> to the label "free_out", won't this code fail to free() the memory
> allocated in the two asprintf() calls? isn't the programmer
> explicitly required to free memory allocated with asprintf() or
> vasprintf() calls?
Yes, indeed, that's a memory hole here. The following should fix this.
Thanks for noting.
Sascha
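
The leak discussed in this thread, reproduced in a stand-alone form. This is an added example, not the patch referred to above and not barebox code: `track_alloc`, `track_free`, `fmt_alloc`, `bb_setup` and `leaked_after_failure` are hypothetical names, and the `fail_probe` flag stands in for a failing stat()/open()/ioctl().

```c
#include <stdio.h>
#include <stdlib.h>

static int live_allocs; /* constructed counter: allocations not yet freed */

static void *track_alloc(size_t n)
{
	void *p = calloc(1, n);
	if (p) live_allocs++;
	return p;
}
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Hypothetical stand-in for an asprintf() that returns the new string */
static char *fmt_alloc(const char *fmt, const char *arg)
{
	int n = snprintf(NULL, 0, fmt, arg);
	char *s = n < 0 ? NULL : track_alloc((size_t)n + 1);
	if (s) snprintf(s, (size_t)n + 1, fmt, arg);
	return s;
}

struct bb { char *devname; char *cdev_name; };

/* fail_probe simulates stat()/open()/ioctl() failing after both strings exist */
static struct bb *bb_setup(const char *base, int fail_probe, int free_strings)
{
	struct bb *bb = track_alloc(sizeof(*bb));
	if (!bb) return NULL;
	bb->devname = fmt_alloc("/dev/%s", base);
	bb->cdev_name = fmt_alloc("%s.bb", base);
	if (!bb->devname || !bb->cdev_name || fail_probe)
		goto free_out;
	return bb; /* success: caller now owns bb and both strings */
free_out:
	if (free_strings) { /* members first, then the struct that holds them */
		track_free(bb->devname);
		track_free(bb->cdev_name);
	}
	track_free(bb);
	return NULL;
}

/* Number of allocations still live after a forced failure */
static int leaked_after_failure(int free_strings)
{
	live_allocs = 0;
	bb_setup("nand0", 1, free_strings);
	return live_allocs;
}

int main(void)
{
	printf("free(bb) only:   %d leaked\n", leaked_after_failure(0));
	printf("strings then bb: %d leaked\n", leaked_after_failure(1));
	return 0;
}
```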