Bug 275232

Summary: libc memory leak - acl_to_text() / acl_to_text_np()
Product: Base System Reporter: Peter Eriksson <pen>
Component: binAssignee: Konstantin Belousov <kib>
Status: Closed FIXED    
Severity: Affects Some People CC: emaste, markj
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Patch to fix three small memory leaks in libc / acl_to_text() none

Description Peter Eriksson 2023-11-21 14:00:49 UTC 
Created attachment 246464 [details]
Patch to fix three small memory leaks in libc / acl_to_text()

There is a couple of small memory leaks in the libc functions acl_to_text() ad acl_to_text_np() - if the ACL contains user: and/or group: entries then it will leak about sizeof(uid_t) allocated blocks for each ACL entry...


Compile with "cc -g" and then run with "valgrind --leak-check=full ./a.out":

#include <stdio.h>
#include <sys/acl.h>

int
main(int argc,
     char *argv[]) {
    acl_t a;
    acl_entry_t e;
    uid_t uid;


    a = acl_init(1);
    acl_create_entry(&a, &e);
    acl_set_tag_type(e, ACL_USER);
    uid = 1001;
    acl_set_qualifier(e, &uid);
    acl_set_entry_type_np(e, ACL_ENTRY_TYPE_ALLOW);

    char *s = acl_to_text(a, NULL);
    puts(s);
    acl_free(s);
    acl_free(a);
    return 0;
}


==94097== 4 bytes in 1 blocks are definitely lost in loss record 1 of 10
==94097==    at 0x484CBE4: malloc (vg_replace_malloc.c:435)
==94097==    by 0x4953AB3: acl_get_qualifier (in /lib/libc.so.7)
==94097==    by 0x49556B8: ??? (in /lib/libc.so.7)
==94097==    by 0x201B0D: main (acl_to_text_leak.c:20)

There are at least three missed acl_free() calls for returned identifiers from acl_get_qualifier() in lib/libc/posix1e/acl_to_text_nfs4.c
Comment 1 commit-hook freebsd_committer freebsd_triage 2023-12-17 22:07:00 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=7aa375dcc61e48cc56da45c9d5a11371693c8043

commit 7aa375dcc61e48cc56da45c9d5a11371693c8043
Author:     Peter Eriksson <pen@lysator.liu.se>
AuthorDate: 2023-12-17 22:03:13 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-12-17 22:06:03 +0000

    libc: correct some memory leaks in acl_to_text(3) and acl_to_text_np(3)

    PR:     275232
    MFC after:      1 week

 lib/libc/posix1e/acl_to_text_nfs4.c | 3 +++
 1 file changed, 3 insertions(+)
Comment 2 commit-hook freebsd_committer freebsd_triage 2023-12-20 08:31:03 UTC 
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=e373880312fb8ea09c501975e1fd23234a0df1e3

commit e373880312fb8ea09c501975e1fd23234a0df1e3
Author:     Peter Eriksson <pen@lysator.liu.se>
AuthorDate: 2023-12-17 22:03:13 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-12-20 08:29:55 +0000

    libc: correct some memory leaks in acl_to_text(3) and acl_to_text_np(3)

    PR:     275232

    (cherry picked from commit 7aa375dcc61e48cc56da45c9d5a11371693c8043)

 lib/libc/posix1e/acl_to_text_nfs4.c | 3 +++
 1 file changed, 3 insertions(+)
Comment 3 commit-hook freebsd_committer freebsd_triage 2023-12-21 15:21:24 UTC 
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=98693e7a99c489e7f095c3600c974b0f61a060f1

commit 98693e7a99c489e7f095c3600c974b0f61a060f1
Author:     Peter Eriksson <pen@lysator.liu.se>
AuthorDate: 2023-12-17 22:03:13 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-12-21 15:20:39 +0000

    libc: correct some memory leaks in acl_to_text(3) and acl_to_text_np(3)

    PR:     275232

    (cherry picked from commit 7aa375dcc61e48cc56da45c9d5a11371693c8043)

 lib/libc/posix1e/acl_to_text_nfs4.c | 3 +++
 1 file changed, 3 insertions(+)
Comment 4 Mark Linimon freebsd_committer freebsd_triage 2023-12-27 16:58:23 UTC 
^Triage: committed to all supported branches.
Comment 5 Mark Johnston freebsd_committer freebsd_triage 2024-10-17 21:51:19 UTC 
Seems fixed:

markj@xinde> valgrind --leak-check=full ./acl
==1466== Memcheck, a memory error detector
==1466== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==1466== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==1466== Command: ./acl
==1466== 
        user:markj:--------------:-------:allow

==1466== 
==1466== HEAP SUMMARY:
==1466==     in use at exit: 8,618 bytes in 7 blocks
==1466==   total heap usage: 75 allocs, 68 frees, 57,939 bytes allocated
==1466== 
==1466== LEAK SUMMARY:
==1466==    definitely lost: 0 bytes in 0 blocks
==1466==    indirectly lost: 0 bytes in 0 blocks
==1466==      possibly lost: 0 bytes in 0 blocks
==1466==    still reachable: 1,024 bytes in 1 blocks
==1466==         suppressed: 7,594 bytes in 6 blocks
==1466== Reachable blocks (those to which a pointer was found) are not shown.
==1466== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==1466== 
==1466== For lists of detected and suppressed errors, rerun with: -s
==1466== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)