svn commit: r253210 - in head/sys: conf netinet

Mon Jul 15 18:38:09 UTC 2013

On Mon, Jul 15, 2013 at 11:36:16AM +0200, Ulrich Spörlein wrote:
> Hey Andre,
> 
> I don't see why this commit triggers it, but Coverity Scan found a new
> resource leak in this file. syncache_expand() will leak *s when line
> 1071 is reached. The "failed:" case below correctly frees the resources.
> 
> 1068/* how do we find the inp for the new socket? */
>         22. Condition "sc != &scs", taking true branch
> 1069        if (sc != &scs)
> 1070                syncache_free(sc);
>         
> CID null (#1 of 1): Resource leak (RESOURCE_LEAK)
> 23. leaked_storage: Variable "s" going out of scope leaks the storage it points to.
> 1071        return (1);
> 1072failed:
> 1073        if (sc != NULL && sc != &scs)
> 1074                syncache_free(sc);
> 1075        if (s != NULL)
> 1076                free(s, M_TCPLOG);
> 1077        *lsop = NULL;
> 1078        return (0);
> 1079}

It looks like free(s, M_TCPLOG) is missed in this branch:

  1043		if ((sc->sc_flags & SCF_TIMESTAMP) && !(to->to_flags & TOF_TS)) {
  1044			if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
  1045				log(LOG_DEBUG, "%s; %s: Timestamp missing, "
  1046				    "no action\n", s, __func__);
  1047		}

-- 
Mikolaj Golub