[Bug 217125] lib/libc/gen/fts.c resource leak in fts_build()
bugzilla-noreply at freebsd.org
Thu Feb 16 01:24:33 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217125
Bug ID: 217125
Summary: lib/libc/gen/fts.c resource leak in fts_build()
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: dan.krejsa at gmail.com
This issue was initially found using Coverity on a port to another OS of (a
slightly older version of) the FreeBSD version of fts.c. It was not actually
observed in a running system.

To the best of my understanding, it still applies to the latest (Revision
300341) version that I could find of lib/libc/gen/fts.c.

Caveats: I am not personally a FreeBSD user, nor am I very familiar with
fts.c.
My intentions are good, please forgive me if I'm mistaken.

The problem occurs with this code in fts_build():

849         if (descend && (type == BCHILD || !nitems) &&
850             (cur->fts_level == FTS_ROOTLEVEL ?
851             FCHDIR(sp, sp->fts_rfd) :
852             fts_safe_changedir(sp, cur->fts_parent, -1, ".."))) {
853                 cur->fts_info = FTS_ERR;
854                 SET(FTS_STOP);
855                 return (NULL);
856         }

If the function returns at line 855, any memory allocated in the list of FTSENT
structures headed by 'head' would be leaked. As far as I can tell, it would be
possible (although probably uncommon, due to the presumed failure of the chdir
operation) to get into this code path with a non-empty list (type == BCHILD &&
nitems != 0).
Probably there should be an fts_lfree(head); call in there.
--
You are receiving this mail because:
You are the assignee for the bug.
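
The leak pattern described in the report, as an added example that is not part of the original message and is not FreeBSD's code: a simplified model in which a list is built and a later directory change fails, run with and without the cleanup call the report suggests. All names (struct ent, list_free, build, leaked) are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

struct ent { struct ent *link; };  /* simplified stand-in for FTSENT (hypothetical) */
static int live;                   /* entries currently allocated */

/* Plays the role of fts_lfree(): free every entry on the list. */
static void list_free(struct ent *head)
{
    struct ent *p;
    while ((p = head) != NULL) {
        head = head->link;
        free(p);
        live--;
    }
}

/* chdir_fails models the failed chdir; free_on_error selects the proposed cleanup. */
static struct ent *build(int nitems, int chdir_fails, int free_on_error)
{
    struct ent *head = NULL, *p;
    for (int i = 0; i < nitems; i++) {
        if ((p = calloc(1, sizeof(*p))) == NULL) {
            list_free(head);
            return NULL;
        }
        live++;
        p->link = head;
        head = p;
    }
    if (chdir_fails) {
        if (free_on_error)
            list_free(head);     /* the suggested cleanup */
        return NULL;             /* otherwise the list is unreachable */
    }
    return head;
}

/* Entries still allocated after a build that fails at the chdir step. */
static int leaked(int nitems, int free_on_error)
{
    live = 0;
    return build(nitems, 1, free_on_error) == NULL ? live : -1;
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", leaked(3, 0), leaked(3, 1));
    return 0;
}
```

With an empty list (nitems == 0) both variants leave nothing allocated, which matches the report's point that the leak needs a non-empty list on the failing path.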