dash.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jilles Tjoelker <jilles@stack.nl>
To: Andreas Bofjall <andreas@gazonk.org>
Cc: dash@vger.kernel.org
Subject: Re: [PATCH] trap: fix memory leak in exitshell()
Date: Tue, 22 Nov 2016 22:51:03 +0100	[thread overview]
Message-ID: <20161122215103.GA91593@stack.nl> (raw)
In-Reply-To: <20161121214052.32428-1-andreas@gazonk.org>

On Mon, Nov 21, 2016 at 10:40:52PM +0100, Andreas Bofjall wrote:
> After dash had executed the exit trap handler, the trap was reset but
> the pointer was never freed. This leak can be demonstrated by running
> dash through valgrind and executing the following shell script:

> 	foo() {
> 	    true
> 	}
> 	trap foo EXIT

> Fix by properly freeing the trap pointer in exitshell().

> Signed-off-by: Andreas Bofjall <andreas@gazonk.org>
> ---
>  src/trap.c | 1 +
>  1 file changed, 1 insertion(+)
> diff --git a/src/trap.c b/src/trap.c
> index edb9938..5418b07 100644
> --- a/src/trap.c
> +++ b/src/trap.c
> @@ -389,6 +389,7 @@ exitshell(void)
>  		trap[0] = NULL;
>  		evalskip = 0;
>  		evalstring(p, 0);
> +		ckfree(p);
>  	}
>  out:
>  	/*

This patch will shut up valgrind in the common case, but does not handle
the general case. The command string may contain an error or invoke the
exit builtin and in either case the command string will be leaked
(SIGINT might be expected to have a similar effect, but behaves
strangely from an EXIT trap in dash).

You can probably use the exception handling already present in the
function to fix this. Note that ckfree() should only be used while
INTOFF is in effect, both to avoid longjmp'ing out of free() and to
ensure exactly one free in the presence of interruptions and errors.

Jilles Tjoelker

  reply	other threads:[~2016-11-22 21:51 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-21 21:40 [PATCH] trap: fix memory leak in exitshell() Andreas Bofjall
2016-11-22 21:51 ` Jilles Tjoelker [this message]
2016-11-22 22:47   ` Andreas Bofjäll

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20161122215103.GA91593@stack.nl \
    --to=jilles@stack.nl \
    --cc=andreas@gazonk.org \
    --cc=dash@vger.kernel.org \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).