Bug 275232 - libc memory leak - acl_to_text() / acl_to_text_np()
Summary: libc memory leak - acl_to_text() / acl_to_text_np()
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Ed Maste
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-21 14:00 UTC by Peter Eriksson
Modified: 2023-12-27 16:58 UTC (History)
1 user (show)

See Also:

Attachments
Patch to fix three small memory leaks in libc / acl_to_text() (665 bytes, patch)
2023-11-21 14:00 UTC, Peter Eriksson 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Eriksson 2023-11-21 14:00:49 UTC 
Created attachment 246464 [details]
Patch to fix three small memory leaks in libc / acl_to_text()

There is a couple of small memory leaks in the libc functions acl_to_text() ad acl_to_text_np() - if the ACL contains user: and/or group: entries then it will leak about sizeof(uid_t) allocated blocks for each ACL entry...


Compile with "cc -g" and then run with "valgrind --leak-check=full ./a.out":

#include <stdio.h>
#include <sys/acl.h>

int
main(int argc,
     char *argv[]) {
    acl_t a;
    acl_entry_t e;
    uid_t uid;


    a = acl_init(1);
    acl_create_entry(&a, &e);
    acl_set_tag_type(e, ACL_USER);
    uid = 1001;
    acl_set_qualifier(e, &uid);
    acl_set_entry_type_np(e, ACL_ENTRY_TYPE_ALLOW);

    char *s = acl_to_text(a, NULL);
    puts(s);
    acl_free(s);
    acl_free(a);
    return 0;
}


==94097== 4 bytes in 1 blocks are definitely lost in loss record 1 of 10
==94097==    at 0x484CBE4: malloc (vg_replace_malloc.c:435)
==94097==    by 0x4953AB3: acl_get_qualifier (in /lib/libc.so.7)
==94097==    by 0x49556B8: ??? (in /lib/libc.so.7)
==94097==    by 0x201B0D: main (acl_to_text_leak.c:20)

There are at least three missed acl_free() calls for returned identifiers from acl_get_qualifier() in lib/libc/posix1e/acl_to_text_nfs4.c
Comment 1 commit-hook freebsd_committer freebsd_triage 2023-12-17 22:07:00 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=7aa375dcc61e48cc56da45c9d5a11371693c8043

commit 7aa375dcc61e48cc56da45c9d5a11371693c8043
Author:     Peter Eriksson <pen@lysator.liu.se>
AuthorDate: 2023-12-17 22:03:13 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-12-17 22:06:03 +0000

    libc: correct some memory leaks in acl_to_text(3) and acl_to_text_np(3)

    PR:     275232
    MFC after:      1 week

 lib/libc/posix1e/acl_to_text_nfs4.c | 3 +++
 1 file changed, 3 insertions(+)
Comment 2 commit-hook freebsd_committer freebsd_triage 2023-12-20 08:31:03 UTC 
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=e373880312fb8ea09c501975e1fd23234a0df1e3

commit e373880312fb8ea09c501975e1fd23234a0df1e3
Author:     Peter Eriksson <pen@lysator.liu.se>
AuthorDate: 2023-12-17 22:03:13 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-12-20 08:29:55 +0000

    libc: correct some memory leaks in acl_to_text(3) and acl_to_text_np(3)

    PR:     275232

    (cherry picked from commit 7aa375dcc61e48cc56da45c9d5a11371693c8043)

 lib/libc/posix1e/acl_to_text_nfs4.c | 3 +++
 1 file changed, 3 insertions(+)
Comment 3 commit-hook freebsd_committer freebsd_triage 2023-12-21 15:21:24 UTC 
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=98693e7a99c489e7f095c3600c974b0f61a060f1

commit 98693e7a99c489e7f095c3600c974b0f61a060f1
Author:     Peter Eriksson <pen@lysator.liu.se>
AuthorDate: 2023-12-17 22:03:13 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-12-21 15:20:39 +0000

    libc: correct some memory leaks in acl_to_text(3) and acl_to_text_np(3)

    PR:     275232

    (cherry picked from commit 7aa375dcc61e48cc56da45c9d5a11371693c8043)

 lib/libc/posix1e/acl_to_text_nfs4.c | 3 +++
 1 file changed, 3 insertions(+)
Comment 4 Mark Linimon freebsd_committer freebsd_triage 2023-12-27 16:58:23 UTC 
^Triage: committed to all supported branches.