bug-gnulib@gnu.org mirror (unofficial)
* regex: avoid memory leak
@ 2019-07-24  3:03 Bruno Haible
  2019-07-26  7:03 ` Paul Eggert
  0 siblings, 1 reply; 3+ messages in thread
From: Bruno Haible @ 2019-07-24  3:03 UTC (permalink / raw)
  To: bug-gnulib

Can someone please review this?


2019-07-23  Bruno Haible  <bruno@clisp.org>

	regex: Avoid memory leak.
	Reported by Coverity (CID 1484201).
	* lib/regex_internal.c (create_cd_newstate): Free newstate if we cannot
	allocate newstate->entrance_nodes.

diff --git a/lib/regex_internal.c b/lib/regex_internal.c
index 9004ce8..02b2e09 100644
--- a/lib/regex_internal.c
+++ b/lib/regex_internal.c
@@ -1724,7 +1724,10 @@ create_cd_newstate (const re_dfa_t *dfa, const re_node_set *nodes,
 		}
 	      if (re_node_set_init_copy (newstate->entrance_nodes, nodes)
 		  != REG_NOERROR)
-		return NULL;
+		{
+		  free_state (newstate);
+		  return NULL;
+		}
 	      nctx_nodes = 0;
 	      newstate->has_constraint = 1;
 	    }
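Review bot: In the new error branch after re_node_set_init_copy fails, free_state (newstate) is handed a state whose newstate->entrance_nodes set was never successfully initialized, so the fix is only safe if free_state copes with that. Please confirm what re_node_set_init_copy leaves in the set on failure before relying on it. It is also worth checking whether the block that ends at the closing brace at the top of this hunk has an early return needing the same cleanup: the ChangeLog entry speaks of failing to allocate newstate->entrance_nodes, while the changed lines handle the copy failing.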




* Re: regex: avoid memory leak
  2019-07-24  3:03 regex: avoid memory leak Bruno Haible
@ 2019-07-26  7:03 ` Paul Eggert
  2019-07-28 15:31   ` Bruno Haible
  0 siblings, 1 reply; 3+ messages in thread
From: Paul Eggert @ 2019-07-26  7:03 UTC (permalink / raw)
  To: Bruno Haible; +Cc: bug-gnulib

I think there's a related memory bug nearby. See:

https://sourceware.org/bugzilla/show_bug.cgi?id=24844

glibc is currently frozen, and I plan to install that patch into glibc after the 
next glibc release comes out, and then propagate the patch into gnulib. Comments 
welcome.



* Re: regex: avoid memory leak
  2019-07-26  7:03 ` Paul Eggert
@ 2019-07-28 15:31   ` Bruno Haible
  0 siblings, 0 replies; 3+ messages in thread
From: Bruno Haible @ 2019-07-28 15:31 UTC (permalink / raw)
  To: Paul Eggert; +Cc: bug-gnulib

Hi Paul,

> I think there's a related memory bug nearby. See:
> 
> https://sourceware.org/bugzilla/show_bug.cgi?id=24844

Good catch. Yes, when looking at the definitions of free_state,
re_node_set_free, re_free, it's clear that storing NULL in
newstate->entrance_nodes is going to cause a crash.

Bruno
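The leak fixed by the patch and the cleanup crash discussed in the replies are both error-path problems, and both can be exercised by failing each allocation in turn. The following is an added example, not code from gnulib or from this thread: `node_set`, `state`, `xalloc`, `xfree`, `set_copy`, `state_free`, `state_create` and `leaked_blocks` are hypothetical simplified stand-ins for the real structures and functions.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical simplified stand-ins; not gnulib's types or functions. */
typedef struct { int nelem; int *elems; } node_set;
typedef struct { node_set nodes; node_set *entrance_nodes; } state;
static int live, calls, fail_at;  /* live blocks, call count, failing call */

static void *xalloc(size_t n) {
  void *p = (++calls == fail_at) ? NULL : calloc(1, n);  /* injected failure */
  live += (p != NULL);
  return p;
}
static void xfree(void *p) { live -= (p != NULL); free(p); }
static int set_copy(node_set *dst, const node_set *src) {
  if ((dst->elems = xalloc(src->nelem * sizeof(int))) == NULL)
    return -1;
  memcpy(dst->elems, src->elems, src->nelem * sizeof(int));
  dst->nelem = src->nelem;
  return 0;
}
/* Cleanup that tolerates a partially built state (NULL entrance_nodes). */
static void state_free(state *s) {
  if (s->entrance_nodes != NULL)
    xfree(s->entrance_nodes->elems);
  xfree(s->entrance_nodes);
  xfree(s->nodes.elems);
  xfree(s);
}
static state *state_create(const node_set *src, int cleanup) {
  state *s = xalloc(sizeof *s);
  if (s != NULL && set_copy(&s->nodes, src) == 0
      && (s->entrance_nodes = xalloc(sizeof(node_set))) != NULL
      && set_copy(s->entrance_nodes, src) == 0)
    return s;
  if (s != NULL && cleanup)  /* cleanup == 0 models a bare "return NULL" */
    state_free(s);
  return NULL;
}

/* Fail each allocation in turn; total the blocks still allocated afterwards. */
int leaked_blocks(int cleanup) {
  int elems[3] = { 1, 2, 3 }, leaked = 0;
  node_set src = { 3, elems };
  for (fail_at = 1; fail_at <= 5; fail_at++, leaked += live) {
    calls = live = 0;
    state *s = state_create(&src, cleanup);
    if (s != NULL)
      state_free(s);
  }
  return leaked;
}
```

Call `leaked_blocks(0)` and `leaked_blocks(1)` from a test harness to compare the bare-return error path with the one that cleans up; running the same loop under a memory checker also catches a cleanup routine that dereferences a NULL member.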



