[PATCH nft] segtree: memleaks in interval_map_decompose()

mpz_init_bitmask() overrides the existing memory area:

==19179== 8 bytes in 1 blocks are definitely lost in loss record 1 of 1
==19179==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==19179==    by 0x489C718: xmalloc (utils.c:36)
==19179==    by 0x4B825C5: __gmpz_init2 (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.3.2)
==19179==    by 0x4880239: constant_expr_alloc (expression.c:400)
==19179==    by 0x489B8A1: interval_map_decompose (segtree.c:1098)
==19179==    by 0x489017D: netlink_list_setelems (netlink.c:1220)
==19179==    by 0x48779AC: cache_init_objects (rule.c:170)
==19179==    by 0x48779AC: cache_init (rule.c:228)
==19179==    by 0x48779AC: cache_update (rule.c:279)
==19179==    by 0x48A21AE: nft_evaluate (libnftables.c:406)

left-hand side of the interval is leaked when building the range:

==25835== 368 (128 direct, 240 indirect) bytes in 1 blocks are definitely lost in loss record 5 of 5
==25835==    at 0x483577F: malloc (vg_replace_malloc.c:299)
==25835==    by 0x489B628: xmalloc (utils.c:36)
==25835==    by 0x489B6F8: xzalloc (utils.c:65)
==25835==    by 0x487E176: expr_alloc (expression.c:45)
==25835==    by 0x487F960: mapping_expr_alloc (expression.c:1149)
==25835==    by 0x488EC84: netlink_delinearize_setelem (netlink.c:1166)
==25835==    by 0x4DC6928: nftnl_set_elem_foreach (set_elem.c:725)
==25835==    by 0x488F0D5: netlink_list_setelems (netlink.c:1215)
==25835==    by 0x487695C: cache_init_objects (rule.c:170)
==25835==    by 0x487695C: cache_init (rule.c:228)
==25835==    by 0x487695C: cache_update (rule.c:279)
==25835==    by 0x48A10BE: nft_evaluate (libnftables.c:406)
==25835==    by 0x48A19B6: nft_run_cmd_from_buffer (libnftables.c:451)
==25835==    by 0x10A8E1: main (main.c:487)

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/segtree.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/segtree.c b/src/segtree.c
index a9b4b1bd6e2c..3a641bc56213 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -1097,16 +1097,20 @@ void interval_map_decompose(struct expr *set)
 
 	i = constant_expr_alloc(&low->location, low->dtype,
 				low->byteorder, expr_value(low)->len, NULL);
-	mpz_init_bitmask(i->value, i->len);
+	mpz_bitmask(i->value, i->len);
 
 	if (!mpz_cmp(i->value, expr_value(low)->value)) {
 		expr_free(i);
 		i = low;
 	} else {
-		i = range_expr_alloc(&low->location, expr_value(low), i);
+		i = range_expr_alloc(&low->location,
+				     expr_clone(expr_value(low)), i);
 		i = set_elem_expr_alloc(&low->location, i);
 		if (low->etype == EXPR_MAPPING)
-			i = mapping_expr_alloc(&i->location, i, low->right);
+			i = mapping_expr_alloc(&i->location, i,
+					       expr_clone(low->right));
+
+		expr_free(low);
 	}
 
 	compound_expr_add(set, i);
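
Review bot: In the else branch, both expr_clone() calls deep-copy data (expr_value(low) and low->right) whose original is released by the expr_free(low) added a few lines later, so each range element now costs an extra allocate-and-copy just to fix ownership. If the expression API's reference counting allows it, taking a reference on each sub-expression before freeing low would close the same leak without the copies; if the clones are intentional, a one-line comment stating that range_expr_alloc() and mapping_expr_alloc() take ownership of their arguments would make that clear. Separately, the switch to mpz_bitmask() relies on constant_expr_alloc() having already initialised i->value (the first valgrind trace shows __gmpz_init2 under constant_expr_alloc), and a short comment at that line would keep someone from reintroducing the init variant. It is also worth confirming that nothing after this hunk dereferences low on the else path now that it is freed there.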
-- 
2.20.1



