GNU bug report logs - #12542
[PATCH] du: avoid abort on systems for which ->me_type is not malloc'd

Previous Next

Package: coreutils;

Reported by: Jim Meyering <jim <at> meyering.net>

Date: Sun, 30 Sep 2012 12:34:02 UTC

Severity: normal

Tags: patch

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 12542 in the body.
You can then email your comments to 12542 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-coreutils <at> gnu.org:
bug#12542; Package coreutils. (Sun, 30 Sep 2012 12:34:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Jim Meyering <jim <at> meyering.net>:
New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Sun, 30 Sep 2012 12:34:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Jim Meyering <jim <at> meyering.net>
To: bug-coreutils <at> gnu.org
Subject: [PATCH] du: avoid abort on systems for which ->me_type is not malloc'd
Date: Sun, 30 Sep 2012 14:32:35 +0200

I noticed that "make check" was failing a fundamental test of du
on OpenBSD.  It would have been trivial to diagnose with valgrind,
but that tool wasn't easily available on the affected system...

[I'm reporting this to the bug- mailing list, since I suppose we
 should report all bugs there. ]


From caaf7cce39828ef3e90766fe2d6cc64559c13a60 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering <at> redhat.com>
Date: Sun, 30 Sep 2012 14:28:47 +0200
Subject: [PATCH] du: avoid abort on systems for which ->me_type is not
 malloc'd

On some systems (notably, BSD-based, like at least OpenBSD 4.9),
the me_type member does not come from the heap.
* src/du.c (fill_mount_table): Free the ->me_type member only
when it was malloc'd, i.e., when ->me_type_malloced is nonzero.
Bug introduced via commit v8.19-2-gcf7e1b5.
---
 src/du.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/du.c b/src/du.c
index ee90da9..63daaa9 100644
--- a/src/du.c
+++ b/src/du.c
@@ -660,7 +660,8 @@ fill_mount_table (void)

       free (mnt_free->me_devname);
       free (mnt_free->me_mountdir);
-      free (mnt_free->me_type);
+      if (mnt_free->me_type_malloced)
+        free (mnt_free->me_type);
       free (mnt_free);
     }
 }
--
1.7.12.1.382.gb0576a6
Reply sent to Jim Meyering <jim <at> meyering.net>:
You have taken responsibility. (Sun, 30 Sep 2012 12:44:01 GMT) Full text and rfc822 format available.
Notification sent to Jim Meyering <jim <at> meyering.net>:
bug acknowledged by developer. (Sun, 30 Sep 2012 12:44:01 GMT) Full text and rfc822 format available.

Message #10 received at 12542-done <at> debbugs.gnu.org (full text, mbox):

From: Jim Meyering <jim <at> meyering.net>
To: 12542-done <at> debbugs.gnu.org
Subject: Re: bug#12542: [PATCH] du: avoid abort on systems for which ->me_type
	is not malloc'd
Date: Sun, 30 Sep 2012 14:43:18 +0200

Jim Meyering wrote:
> I noticed that "make check" was failing a fundamental test of du
> on OpenBSD.  It would have been trivial to diagnose with valgrind,
> but that tool wasn't easily available on the affected system...

I've just pushed the patch.
A better one should come soon, in which I add
a function in mountlist.c (declared in the .h file)
by which to encapsulate this mount-entry freeing process.
Information forwarded to bug-coreutils <at> gnu.org:
bug#12542; Package coreutils. (Sun, 30 Sep 2012 16:13:02 GMT) Full text and rfc822 format available.

Message #13 received at 12542 <at> debbugs.gnu.org (full text, mbox):

From: Bernhard Voelker <mail <at> bernhard-voelker.de>
To: 12542 <at> debbugs.gnu.org, jim <at> meyering.net
Subject: Re: bug#12542: [PATCH] du: avoid abort on systems for which ->me_type
	is not malloc'd
Date: Sun, 30 Sep 2012 18:12:12 +0200


On 09/30/2012 02:43 PM, Jim Meyering wrote:
> A better one should come soon, in which I add
> a function in mountlist.c (declared in the .h file)
> by which to encapsulate this mount-entry freeing process.

Good idea - also df doesn't free the mount_list:

valgrind --leak-check=full --show-reachable=yes src/df /
==3835== Memcheck, a memory error detector
==3835== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==3835== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==3835== Command: src/df /
==3835==
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/sda1       12095032 7434584   4046048  65% /
==3835==
==3835== HEAP SUMMARY:
==3835==     in use at exit: 3,013 bytes in 149 blocks
==3835==   total heap usage: 657 allocs, 508 frees, 41,101 bytes allocated
==3835==
==3835== 144 bytes in 1 blocks are still reachable in loss record 1 of 5
==3835==    at 0x4C297CD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3835==    by 0x40A1B8: xmalloc (xmalloc.c:43)
==3835==    by 0x402F90: main (xalloc.h:113)
==3835==
==3835== 254 bytes in 37 blocks are still reachable in loss record 2 of 5
==3835==    at 0x4C297CD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3835==    by 0x40A1B8: xmalloc (xmalloc.c:43)
==3835==    by 0x40A2CB: xmemdup (xmalloc.c:115)
==3835==    by 0x40AE8E: read_file_system_list (mountlist.c:420)
==3835==    by 0x4028F8: main (df.c:1097)
==3835==
==3835== 292 bytes in 37 blocks are still reachable in loss record 3 of 5
==3835==    at 0x4C297CD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3835==    by 0x40A1B8: xmalloc (xmalloc.c:43)
==3835==    by 0x40A2CB: xmemdup (xmalloc.c:115)
==3835==    by 0x40AE75: read_file_system_list (mountlist.c:418)
==3835==    by 0x4028F8: main (df.c:1097)
==3835==
==3835== 547 bytes in 37 blocks are still reachable in loss record 4 of 5
==3835==    at 0x4C297CD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3835==    by 0x40A1B8: xmalloc (xmalloc.c:43)
==3835==    by 0x40A2CB: xmemdup (xmalloc.c:115)
==3835==    by 0x40AE81: read_file_system_list (mountlist.c:419)
==3835==    by 0x4028F8: main (df.c:1097)
==3835==
==3835== 1,776 bytes in 37 blocks are still reachable in loss record 5 of 5
==3835==    at 0x4C297CD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3835==    by 0x40A1B8: xmalloc (xmalloc.c:43)
==3835==    by 0x40AE69: read_file_system_list (mountlist.c:417)
==3835==    by 0x4028F8: main (df.c:1097)
==3835==
==3835== LEAK SUMMARY:
==3835==    definitely lost: 0 bytes in 0 blocks
==3835==    indirectly lost: 0 bytes in 0 blocks
==3835==      possibly lost: 0 bytes in 0 blocks
==3835==    still reachable: 3,013 bytes in 149 blocks
==3835==         suppressed: 0 bytes in 0 blocks
==3835==
==3835== For counts of detected and suppressed errors, rerun with: -v
==3835== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 6 from 6)

The first one can be covered by "IF_LINT ( free (columns));",
but the others come from calling read_file_system_list().

Free()ing the memory should of course be guarded by IF_LINT, too.

Have a nice day,
Berny
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 29 Oct 2012 11:24:03 GMT) Full text and rfc822 format available.
This bug report was last modified 12 years and 286 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.