* [2.5] memleak in load_elf_binary?
@ 2003-03-07 11:12 Oleg Drokin
2003-03-07 11:25 ` Andrew Morton
0 siblings, 1 reply; 6+ messages in thread
From: Oleg Drokin @ 2003-03-07 11:12 UTC (permalink / raw)
To: linux-kernel; +Cc: akpm
Hello!
I am still playing with improving the memleak detector thing from the smatch project.
Seems there is a memleak in fs/binfmt_elf.c::load_elf_binary() in current 2.5.
If setup_arg_pages() fails (line 638 in my sources) we do return, but
without freeing the possibly allocated elf_interpreter (line 520) and
allocated elf_phdata (line 500) areas.
Is this looking real? At least it looks real to me (I am trying to get
the number of false positives way down).
Bye,
Oleg
* Re: [2.5] memleak in load_elf_binary?
2003-03-07 11:12 [2.5] memleak in load_elf_binary? Oleg Drokin
@ 2003-03-07 11:25 ` Andrew Morton
2003-03-07 11:36 ` Oleg Drokin
2003-03-07 11:36 ` Andrew Morton
0 siblings, 2 replies; 6+ messages in thread
From: Andrew Morton @ 2003-03-07 11:25 UTC (permalink / raw)
To: Oleg Drokin; +Cc: linux-kernel
Oleg Drokin <green@namesys.com> wrote:
>
> Hello!
>
> I am still playing with improving the memleak detector thing from the smatch project.
>
> Seems there is a memleak in fs/binfmt_elf.c::load_elf_binary() in current 2.5.
> If setup_arg_pages() fails (line 638 in my sources) we do return, but
> without freeing the possibly allocated elf_interpreter (line 520) and
> allocated elf_phdata (line 500) areas.
>
> Is this looking real? At least it looks real to me (I am trying to get
> the number of false positives way down).
>
Yes, you're right. And there's a second one further down.
Whoever thought of permitting more than one `return' statement in a C
function should be shot.
This needs a little thought, as we've already set the new personality and the
old executable has been rubbed out.
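The error path reported above, modelled as an added user-space example (not the kernel's code and not the fix that was eventually applied): `load_leaky` returns early when the `setup_arg_pages()` stand-in fails, while `load_fixed` routes every exit through one cleanup label. `tracked_alloc`, `tracked_free`, `fake_setup_arg_pages`, `outstanding` and both `load_*` functions are hypothetical names; only `elf_phdata`, `elf_interpreter` and `setup_arg_pages` come from the thread.

```c
#include <errno.h>
#include <stdlib.h>

/* Count of live allocations; a crude stand-in for a leak detector. */
static int live_allocs;

static void *tracked_alloc(size_t n)
{
    void *p = malloc(n);
    if (p)
        live_allocs++;
    return p;
}

static void tracked_free(void *p)
{
    if (p)
        live_allocs--;
    free(p);
}

int outstanding(void) { return live_allocs; }

/* Hypothetical stand-in for setup_arg_pages(): fails on request. */
static int fake_setup_arg_pages(int fail) { return fail ? -ENOMEM : 0; }

/* Shape of the reported bug: a bare return after both buffers exist. */
int load_leaky(int fail_setup)
{
    char *elf_phdata = tracked_alloc(64);
    char *elf_interpreter = tracked_alloc(32);
    int retval;

    if (!elf_phdata || !elf_interpreter) {
        tracked_free(elf_interpreter);
        tracked_free(elf_phdata);
        return -ENOMEM;
    }
    retval = fake_setup_arg_pages(fail_setup);
    if (retval < 0)
        return retval;          /* elf_phdata and elf_interpreter leak */
    tracked_free(elf_interpreter);
    tracked_free(elf_phdata);
    return 0;
}

/* Single-exit shape: every path, success or failure, frees both. */
int load_fixed(int fail_setup)
{
    char *elf_phdata = tracked_alloc(64);
    char *elf_interpreter = tracked_alloc(32);
    int retval = -ENOMEM;

    if (!elf_phdata || !elf_interpreter)
        goto out;
    retval = fake_setup_arg_pages(fail_setup);
out:
    tracked_free(elf_interpreter);
    tracked_free(elf_phdata);
    return retval;
}
```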
* Re: [2.5] memleak in load_elf_binary?
2003-03-07 11:25 ` Andrew Morton
@ 2003-03-07 11:36 ` Oleg Drokin
2003-03-07 11:51 ` Andrew Morton
2003-03-07 11:36 ` Andrew Morton
1 sibling, 1 reply; 6+ messages in thread
From: Oleg Drokin @ 2003-03-07 11:36 UTC (permalink / raw)
To: Andrew Morton; +Cc: linux-kernel
Hello!
On Fri, Mar 07, 2003 at 03:25:32AM -0800, Andrew Morton wrote:
> > I am still playing with improving the memleak detector thing from the smatch project.
> > Seems there is a memleak in fs/binfmt_elf.c::load_elf_binary() in current 2.5.
> > If setup_arg_pages() fails (line 638 in my sources) we do return, but
> > without freeing the possibly allocated elf_interpreter (line 520) and
> > allocated elf_phdata (line 500) areas.
> > Is this looking real? At least it looks real to me (I am trying to get
> > the number of false positives way down).
> Yes, you're right. And there's a second one further down.
Ah, hm? Can you be more precise? I do not see it.
Next return I see is in line 745, and the memory is freed before it.
Bye,
Oleg
* Re: [2.5] memleak in load_elf_binary?
2003-03-07 11:25 ` Andrew Morton
2003-03-07 11:36 ` Oleg Drokin
@ 2003-03-07 11:36 ` Andrew Morton
2003-03-07 20:46 ` Oleg Drokin
1 sibling, 1 reply; 6+ messages in thread
From: Andrew Morton @ 2003-03-07 11:36 UTC (permalink / raw)
To: green, linux-kernel
Andrew Morton <akpm@digeo.com> wrote:
>
> This needs a little thought, as we've already set the new personality and the
> old executable has been rubbed out.
Actually it looks to be fairly simple to fix. Less simple to test...
* Re: [2.5] memleak in load_elf_binary?
2003-03-07 11:36 ` Oleg Drokin
@ 2003-03-07 11:51 ` Andrew Morton
0 siblings, 0 replies; 6+ messages in thread
From: Andrew Morton @ 2003-03-07 11:51 UTC (permalink / raw)
To: Oleg Drokin; +Cc: linux-kernel
Oleg Drokin <green@namesys.com> wrote:
>
> Hello!
>
> On Fri, Mar 07, 2003 at 03:25:32AM -0800, Andrew Morton wrote:
> > > I am still playing with improving the memleak detector thing from the smatch project.
> > > Seems there is a memleak in fs/binfmt_elf.c::load_elf_binary() in current 2.5.
> > > If setup_arg_pages() fails (line 638 in my sources) we do return, but
> > > without freeing the possibly allocated elf_interpreter (line 520) and
> > > allocated elf_phdata (line 500) areas.
> > > Is this looking real? At least it looks real to me (I am trying to get
> > > the number of false positives way down).
> > Yes, you're right. And there's a second one further down.
>
> Ah, hm? Can you be more precise? I do not see it.
>
> Next return I see is in line 745, and the memory is freed before it.
>
It forgets to close the file. It'll be closed anyway by exit so
I guess that's OK.
* Re: [2.5] memleak in load_elf_binary?
2003-03-07 11:36 ` Andrew Morton
@ 2003-03-07 20:46 ` Oleg Drokin
0 siblings, 0 replies; 6+ messages in thread
From: Oleg Drokin @ 2003-03-07 20:46 UTC (permalink / raw)
To: Andrew Morton; +Cc: linux-kernel
Hello!
On Fri, Mar 07, 2003 at 03:36:09AM -0800, Andrew Morton wrote:
> > This needs a little thought, as we've already set the new personality and the
> > old executable has been rubbed out.
> Actually it looks to be fairly simple to fix. Less simple to test...
BTW, I just noticed that 2.4 has absolutely the same problem, it seems, so
you probably want to make a fix for it too.
Bye,
Oleg