fs/exec.c: fix minor memory leak

Could someone please double-check this?


From: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Subject: fs/exec.c: fix minor memory leak

When the to-be-removed argument's trailing '\0' is the final byte in the
page, remove_arg_zero()'s logic will avoid freeing the page, will break
from the loop and will then advance bprm->p to point at the first byte in
the next page.  Net result: the final page for the zeroth argument is
unfreed.

It isn't a very important leak - that page will be freed later by the
bprm-wide sweep in free_arg_pages().

Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=116841
Reported by: hujunjie <jj.net@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 fs/exec.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff -puN fs/exec.c~fs-execc-fix-minor-memory-leak fs/exec.c
--- a/fs/exec.c~fs-execc-fix-minor-memory-leak
+++ a/fs/exec.c
@@ -1482,8 +1482,15 @@ int remove_arg_zero(struct linux_binprm
 		kunmap_atomic(kaddr);
 		put_arg_page(page);
 
-		if (offset == PAGE_SIZE)
+		if (offset == PAGE_SIZE) {
 			free_arg_page(bprm, (bprm->p >> PAGE_SHIFT) - 1);
+		} else if (offset == PAGE_SIZE - 1) {
+			/*
+			 * The trailing '\0' is the last byte in a page - we're
+			 * about to advance past that byte so free its page now
+			 */
+			free_arg_page(bprm, (bprm->p >> PAGE_SHIFT));
+		}
 	} while (offset == PAGE_SIZE);
 
 	bprm->p++;
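
Review bot: in the new "else if (offset == PAGE_SIZE - 1)" branch, the index passed to free_arg_page() is "bprm->p >> PAGE_SHIFT" with no "- 1", unlike the branch above it. That is only right because bprm->p still points at the '\0' here and is not advanced until the "bprm->p++" after the loop. The added comment should say so explicitly, so that a later reordering of the increment does not silently free the wrong page. Since the changelog says this page is also released by the bprm-wide sweep in free_arg_pages(), please also confirm that freeing it early here cannot lead to the same page being freed a second time by that sweep. Minor style points: the outer parentheses in "(bprm->p >> PAGE_SHIFT)" are redundant, and the comment's sentence is missing its final period.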
_
