| To: | xen-devel@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-devel] Xenstored: eliminate double free and fixes for memory leak |
| From: | "Peter Teoh" <htmldeveloper@xxxxxxxxx> |
| Date: | 2007年9月17日 10:19:52 +0800 |
| Delivery-date: | 2007年9月16日 19:20:31 -0700 |
| Dkim-signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=J47iZ37uTSoPc78Slj1f01a4iuUVTEkU9NVb8VGTGKU=; b=GIT/goTLJaHZfJt4aBIrWq5qtlTI9lqXKkm7SAXnpkUt4sNjQjtDwDmigHTsF0Yk0yLabzfKHs8IWnB5fRT7iatK7QdR3QGPdCpE0QwfeTNBbdHiVOs3mzgi9SsAAOrrVCLpbVx3YjY69pnVDb2pesyAntXUplLg0RydikQpPTg= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=WC7kdiSNkKddJ7BmrNhhYnrrR4+w4XWInnJzzT0Rn/B8bIMdbXD6CnUr+hOJnnGtbCyu04VOUYiF/Mcb43g1slzhkeQr7bwyOUO37/BUdjIKX22CP0Ygr8hTuCXirs2UtbL/kgqsvyLFaivJnso2itUDe9VnNscwq8cXvfhat+0= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
Please review. This patch fixes a few problems: a. In handle_input(), which is called from main() in xenstored_core.c, the conn->in is freed when there is no error, but conn is freed when there is error. This is inconsistent. Moreover, the conn is freed again upon exit from handle_input(), inside the main. b. Another problem is that perms_to_strings() returned a allocated memory (via realloc()). The only time the value is returned is in do_get_perms(), but immediately after send_reply(), the pointer is immediately thrown away, resulting in a memory leak condition, as send_reply() does not free any memory. c. Many of the functions like read_node(), get_parent(), talloc_asprintf() etc all will allocate memory and return a pointer when memory is allocated, but many times these are not freed. Another problem identified but which I cannot fix, is that create_hashtable() can return NULL in low memory condition. But this is not checked in the recursive function check_store_(). There is no value to specify error or not in the return value of check_store_() (declared as void). May be we should change this to unsigned int or something like that, so that error condition can be returned? I am still making changes to the same file, but was hesitant to incorporate so many changes as it will make the review more difficult. I will submit these further changes in the next posting.
Attachment:
eliminate_double_free_and_mem_leak.patch
Description: Text Data
_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | RE: [Xen-devel] [VTD-NEO][patch 0/6] Intel VT-d/Neocleus 1:1 mregedcode for PCI passthrough , Guy Zana |
|---|---|
| Next by Date: | [Xen-devel] Re: Xenstored: eliminate double free and fixes for memory leak , Peter Teoh |
| Previous by Thread: | SOLD OUT - LAST CHANCE- Looking for gift? Buy Rolex! joy1w , Ethan Singh |
| Next by Thread: | [Xen-devel] Re: Xenstored: eliminate double free and fixes for memory leak , Peter Teoh |
| Indexes: | [Date] [Thread] [Top] [All Lists] |