From unknown Sat Aug 16 11:39:59 2025 X-Loop: help-debbugs@gnu.org Subject: bug#31439: Possible memory leak in fts.c Resent-From: ISE Development Original-Sender: "Debbugs-submit" Resent-CC: bug-coreutils@gnu.org Resent-Date: Sun, 13 May 2018 08:33:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 31439 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: To: 31439@debbugs.gnu.org X-Debbugs-Original-To: bug-coreutils@gnu.org Reply-To: isedev@gmail.com Received: via spool by submit@debbugs.gnu.org id=B.15262003599924 (code B ref -1); Sun, 13 May 2018 08:33:02 +0000 Received: (at submit) by debbugs.gnu.org; 13 May 2018 08:32:39 +0000 Received: from localhost ([127.0.0.1]:60153 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fHmQp-0002a0-7c for submit@debbugs.gnu.org; Sun, 13 May 2018 04:32:39 -0400 Received: from eggs.gnu.org ([208.118.235.92]:56564) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fHg9w-0001iM-3a for submit@debbugs.gnu.org; Sat, 12 May 2018 21:50:48 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fHg9q-0007gI-3A for submit@debbugs.gnu.org; Sat, 12 May 2018 21:50:42 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:54168) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fHg9p-0007fc-VD for submit@debbugs.gnu.org; Sat, 12 May 2018 21:50:42 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:47535) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fHg9o-0005JL-Ot for bug-coreutils@gnu.org; Sat, 12 May 2018 21:50:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fHg9l-0007YJ-Km for bug-coreutils@gnu.org; Sat, 12 May 2018 21:50:40 -0400 Received: from mail-wr0-x234.google.com ([2a00:1450:400c:c0c::234]:43291) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fHg9l-0007Xo-CE for bug-coreutils@gnu.org; Sat, 12 May 2018 21:50:37 -0400 Received: by mail-wr0-x234.google.com with SMTP id v15-v6so8753567wrm.10 for ; Sat, 12 May 2018 18:50:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:subject:from:reply-to:to:date:mime-version :content-transfer-encoding; bh=Ck9hvHnsKJgd1hcPZG/SMggLZeih8wnYTXUv8tPWEJQ=; b=o8F489GGzeISfghXKCyL0Hi2w0ChIx3sxJDCclUPLS+1PjCUP0jOQ2j0DBv6UVb+9k PVtvjEE23IwX7PObU3TcMNen0ECxnrXXUQiFmBXwpEgLDQ+1nf34yEWUoN6DjXq/XPnn YboK+XNGrqWQBTmHOQqyKmfV1JNN+KbCldbxUTzFk8yCabLwsRqXqm4MuuLcDQUm55sM nBAdZXjCOmPrAx6p/VlJFr+AXuW0xUqsjtQiVjJEHdL17G1zsh0F6JPteAaNLDG9sCaw vBjoaiF52NG8wNRmY1SQkSVUSNkxp/cuqECCVpDt+Xez3V5pPW36Ci+iZQ8k9cml4hnS mbPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:reply-to:to:date :mime-version:content-transfer-encoding; bh=Ck9hvHnsKJgd1hcPZG/SMggLZeih8wnYTXUv8tPWEJQ=; b=jyuPZVzkFtxQ6EeQL97de9c+/A5delg2qmiW8eGRzvBTWcfGydLtRbqScIm4CMmFQK u53Ltx8Zk6siPST9r8cOrSiNJx2eEfzD/V3cHYHHQe9xV9eV9lhXrQwF4wqXXW1uxtLU ikMU0/3UW5JAwvG+ioUKomrrI26fOt/TkcVuCkB+nGM1u/UvkCf3A2TpIU+xqLv3oyvw hRcXjktZNV0S2aEPunq3Lpbdv8Y1rYhQex0+rSHkBawcYTWN1WH7hgWzKsF+ipFES7Yq zardwYukp04VYuEnEKaB9pLk8HA78XiUxKJNvGhjeqHFIXX2fqkvzEAZe7BIqBDvI23H GCnA== X-Gm-Message-State: ALKqPwdkH1yUvcK2IgPZ5NC6S18suPdqKksyKzbSUiPxYlxS3TYqw+Kx Brn13C9/jRgFRNjAJUlIMPf4aSRL X-Google-Smtp-Source: AB8JxZq4CYUZAW7CvM+XQAfw0h56vSzkXg6HIf0cQ2ROfQny1d0nS0yFRuRqVVJmUkBvNBv10V1z5A== X-Received: by 2002:adf:da4b:: with SMTP id r11-v6mr3027846wrl.154.1526176235842; Sat, 12 May 2018 18:50:35 -0700 (PDT) Received: from core.net.isedev.eu (cpc112689-nmal22-2-0-cust433.19-2.cable.virginm.net. [86.13.29.178]) by smtp.gmail.com with ESMTPSA id m69-v6sm5324005wmd.47.2018.05.12.18.50.34 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 12 May 2018 18:50:35 -0700 (PDT) Message-ID: <1526176234.17728.14.camel@gmail.com> From: ISE Development Content-Type: text/plain; charset="UTF-8" Date: Sun, 13 May 2018 02:50:34 +0100 Mime-Version: 1.0 X-Mailer: Evolution 3.24.6 (3.24.6-1.fc26) Content-Transfer-Encoding: 7bit X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Mailman-Approved-At: Sun, 13 May 2018 04:32:37 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Hi, I may be wrong but I suspect there is a corner case where fts_close() will not free the FTSENT structures correctly if called immediately after fts_open(). After fts_open(), the current entry is a dummy entry created as follows: if ((sp->fts_cur = fts_alloc(sp, "", 0)) == NULL) goto mem3; sp->fts_cur->fts_link = root; sp->fts_cur->fts_info = FTS_INIT; It would normally be freed during the first invocation of fts_read(). In fts_close(): if (sp->fts_cur) { for (p = sp->fts_cur; p->fts_level >= FTS_ROOTLEVEL;) { freep = p; p = p->fts_link != NULL ? p->fts_link : p->fts_parent; free(freep); } free(p); } However, fts_alloc() does not clear or set fts_level, nor does it zero the entire FTSENT structure. So as far as I can figure, it is possible for the fts_level of the dummy entry to be negative after fts_open() causing fts_close() not to free the actual root level entries. -- isedev From unknown Sat Aug 16 11:39:59 2025 X-Loop: help-debbugs@gnu.org Subject: bug#31439: Possible memory leak in fts.c Resent-From: =?UTF-8?Q?P=C3=A1draig?= Brady Original-Sender: "Debbugs-submit" Resent-CC: bug-coreutils@gnu.org Resent-Date: Mon, 14 May 2018 00:54:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 31439 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: To: isedev@gmail.com, 31439@debbugs.gnu.org Received: via spool by 31439-submit@debbugs.gnu.org id=B31439.152625923019043 (code B ref 31439); Mon, 14 May 2018 00:54:02 +0000 Received: (at 31439) by debbugs.gnu.org; 14 May 2018 00:53:50 +0000 Received: from localhost ([127.0.0.1]:32902 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fI1kL-0004x5-W2 for submit@debbugs.gnu.org; Sun, 13 May 2018 20:53:50 -0400 Received: from mail.magicbluesmoke.com ([82.195.144.49]:52170) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fI1kL-0004wx-AT for 31439@debbugs.gnu.org; Sun, 13 May 2018 20:53:49 -0400 Received: from localhost.localdomain (unknown [76.21.115.186]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.magicbluesmoke.com (Postfix) with ESMTPSA id 454249B04; Mon, 14 May 2018 01:53:48 +0100 (IST) References: <1526176234.17728.14.camel@gmail.com> From: =?UTF-8?Q?P=C3=A1draig?= Brady Message-ID: Date: Sun, 13 May 2018 17:53:46 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <1526176234.17728.14.camel@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) On 12/05/18 18:50, ISE Development wrote: > Hi, > > I may be wrong but I suspect there is a corner case where fts_close() > will not free the FTSENT structures correctly if called immediately > after fts_open(). > > After fts_open(), the current entry is a dummy entry created as > follows: > > if ((sp->fts_cur = fts_alloc(sp, "", 0)) == NULL) > goto mem3; > sp->fts_cur->fts_link = root; > sp->fts_cur->fts_info = FTS_INIT; > > It would normally be freed during the first invocation of fts_read(). > > In fts_close(): > > if (sp->fts_cur) { > for (p = sp->fts_cur; p->fts_level >= FTS_ROOTLEVEL;) { > freep = p; > p = p->fts_link != NULL ? p->fts_link : p->fts_parent; > free(freep); > } > free(p); > } > > However, fts_alloc() does not clear or set fts_level, nor does it zero > the entire FTSENT structure. > > So as far as I can figure, it is possible for the fts_level of the > dummy entry to be negative after fts_open() causing fts_close() not to > free the actual root level entries. valgrind should tell us. I tweaked chmod to call fts_close() right after xfts_open() and got: ==21011== Conditional jump or move depends on uninitialised value(s) ==21011== at 0x4066C6: fts_close (fts.c:609) ==21011== by 0x401B7F: process_files (chmod.c:337) ==21011== by 0x401B7F: main (chmod.c:572) Just as you surmised. Patch coming up... (to gnulib) thanks! Pádraig From unknown Sat Aug 16 11:39:59 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: isedev@gmail.com Subject: bug#31439: closed ([PATCH] fts: avoid a memory leak edge case) Message-ID: References: <7bc40e54-17a7-93f2-3d94-4852f7891fa1@draigBrady.com> <1526176234.17728.14.camel@gmail.com> X-Gnu-PR-Message: they-closed 31439 X-Gnu-PR-Package: coreutils Reply-To: 31439@debbugs.gnu.org Date: Mon, 14 May 2018 01:52:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1526262722-24058-1" This is a multi-part message in MIME format... ------------=_1526262722-24058-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #31439: Possible memory leak in fts.c which was filed against the coreutils package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 31439@debbugs.gnu.org. --=20 31439: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D31439 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1526262722-24058-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 31439-done) by debbugs.gnu.org; 14 May 2018 01:51:08 +0000 Received: from localhost ([127.0.0.1]:32937 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fI2do-0006Ev-EN for submit@debbugs.gnu.org; Sun, 13 May 2018 21:51:08 -0400 Received: from mail.magicbluesmoke.com ([82.195.144.49]:55280) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fI2dm-0006Em-5Y for 31439-done@debbugs.gnu.org; Sun, 13 May 2018 21:51:06 -0400 Received: from localhost.localdomain (unknown [76.21.115.186]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.magicbluesmoke.com (Postfix) with ESMTPSA id 4B2BE9EA9; Mon, 14 May 2018 02:51:04 +0100 (IST) Subject: [PATCH] fts: avoid a memory leak edge case To: isedev@gmail.com, 31439-done@debbugs.gnu.org, bug-gnulib References: <1526176234.17728.14.camel@gmail.com> From: =?UTF-8?Q?P=c3=a1draig_Brady?= Message-ID: <7bc40e54-17a7-93f2-3d94-4852f7891fa1@draigBrady.com> Date: Sun, 13 May 2018 18:51:02 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <1526176234.17728.14.camel@gmail.com> Content-Type: multipart/mixed; boundary="------------C462BEDE94CD57BEB82B3469" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 31439-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) This is a multi-part message in MIME format. --------------C462BEDE94CD57BEB82B3469 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit On 12/05/18 18:50, ISE Development wrote: > Hi, > > I may be wrong but I suspect there is a corner case where fts_close() > will not free the FTSENT structures correctly if called immediately > after fts_open(). > > After fts_open(), the current entry is a dummy entry created as > follows: > > if ((sp->fts_cur = fts_alloc(sp, "", 0)) == NULL) > goto mem3; > sp->fts_cur->fts_link = root; > sp->fts_cur->fts_info = FTS_INIT; > > It would normally be freed during the first invocation of fts_read(). > > In fts_close(): > > if (sp->fts_cur) { > for (p = sp->fts_cur; p->fts_level >= FTS_ROOTLEVEL;) { > freep = p; > p = p->fts_link != NULL ? p->fts_link : p->fts_parent; > free(freep); > } > free(p); > } > > However, fts_alloc() does not clear or set fts_level, nor does it zero > the entire FTSENT structure. > > So as far as I can figure, it is possible for the fts_level of the > dummy entry to be negative after fts_open() causing fts_close() not to > free the actual root level entries. Yes valgrind indicates that fts_level is uninitialized if you fts_close() right after fts_open(). The attached should fix it up. thanks! Pádraig --------------C462BEDE94CD57BEB82B3469 Content-Type: text/x-patch; name="fts-dealloc.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="fts-dealloc.patch" =46rom 71b6724aa2e2843da7b73151d13c678452a59c7f Mon Sep 17 00:00:00 2001 From: =3D?UTF-8?q?P=3DC3=3DA1draig=3D20Brady?=3D Date: Sun, 13 May 2018 18:42:37 -0700 Subject: [PATCH] fts: avoid a memory leak edge case * lib/fts.c (fts_open): Set an appropriate fts_level so that an immediate fts_close() will free the allocation. * tests/test-fts.c (fts_dealloc): Add a test case which will trigger under valgrind or address sanitizer. Fixes https://bugs.gnu.org/31439 --- ChangeLog | 9 +++++++++ lib/fts.c | 1 + tests/test-fts.c | 23 ++++++++++++++++++++++- 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 24fd4da..e1b9c7e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2018-05-13 P=C3=A1draig Brady + + fts: avoid a memory leak edge case + * lib/fts.c (fts_open): Set an appropriate fts_level + so that an immediate fts_close() will free the allocation. + * tests/test-fts.c (fts_dealloc): Add a test case which + will trigger under valgrind or address sanitizer. + Fixes https://bugs.gnu.org/31439 + 2018-05-13 Bruno Haible =20 nl_langinfo: Fix compilation error on Android. diff --git a/lib/fts.c b/lib/fts.c index d543510..1ccc78c 100644 --- a/lib/fts.c +++ b/lib/fts.c @@ -546,6 +546,7 @@ fts_open (char * const *argv, goto mem3; sp->fts_cur->fts_link =3D root; sp->fts_cur->fts_info =3D FTS_INIT; + sp->fts_cur->fts_level =3D 1; if (! setup_dir (sp)) goto mem3; =20 diff --git a/tests/test-fts.c b/tests/test-fts.c index ad15aff..a9c1dd8 100644 --- a/tests/test-fts.c +++ b/tests/test-fts.c @@ -38,6 +38,23 @@ perror_exit (char const *message, int status) exit (status); } =20 +/* alloc/dealloc to ensure structures initialized appropriately. */ +static void +fts_dealloc (void) +{ + static char dir[] =3D "./"; + static char *const curr_dir[2] =3D { dir, 0 }; + FTSENT *e; + FTS *ftsp =3D fts_open (curr_dir, FTS_NOSTAT | FTS_PHYSICAL | FTS_CWDF= D, 0); + if (ftsp) + { + if (fts_close (ftsp) !=3D 0) + perror_exit ("fts_close", 9); + } + else + perror_exit (base, 10); +} + /* Remove BASE and all files under it. */ static void remove_tree (void) @@ -122,9 +139,10 @@ main (void) perror_exit (base, 6); while ((e =3D fts_read (ftsp))) needles_seen +=3D strcmp (e->fts_name, "needle") =3D=3D 0; - fflush (stdout); if (errno) perror_exit ("fts_read", 7); + if (fts_close (ftsp) !=3D 0) + perror_exit (base, 8); =20 /* Report an error if we did not find the needles. */ if (needles_seen !=3D needles) @@ -140,5 +158,8 @@ main (void) fprintf (stderr, "fts could not remove directory\n"); return 1; } + + fts_dealloc (); + return 0; } --=20 2.9.3 --------------C462BEDE94CD57BEB82B3469-- ------------=_1526262722-24058-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 13 May 2018 08:32:39 +0000 Received: from localhost ([127.0.0.1]:60153 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fHmQp-0002a0-7c for submit@debbugs.gnu.org; Sun, 13 May 2018 04:32:39 -0400 Received: from eggs.gnu.org ([208.118.235.92]:56564) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fHg9w-0001iM-3a for submit@debbugs.gnu.org; Sat, 12 May 2018 21:50:48 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fHg9q-0007gI-3A for submit@debbugs.gnu.org; Sat, 12 May 2018 21:50:42 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,FREEMAIL_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:54168) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fHg9p-0007fc-VD for submit@debbugs.gnu.org; Sat, 12 May 2018 21:50:42 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:47535) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fHg9o-0005JL-Ot for bug-coreutils@gnu.org; Sat, 12 May 2018 21:50:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fHg9l-0007YJ-Km for bug-coreutils@gnu.org; Sat, 12 May 2018 21:50:40 -0400 Received: from mail-wr0-x234.google.com ([2a00:1450:400c:c0c::234]:43291) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fHg9l-0007Xo-CE for bug-coreutils@gnu.org; Sat, 12 May 2018 21:50:37 -0400 Received: by mail-wr0-x234.google.com with SMTP id v15-v6so8753567wrm.10 for ; Sat, 12 May 2018 18:50:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:subject:from:reply-to:to:date:mime-version :content-transfer-encoding; bh=Ck9hvHnsKJgd1hcPZG/SMggLZeih8wnYTXUv8tPWEJQ=; b=o8F489GGzeISfghXKCyL0Hi2w0ChIx3sxJDCclUPLS+1PjCUP0jOQ2j0DBv6UVb+9k PVtvjEE23IwX7PObU3TcMNen0ECxnrXXUQiFmBXwpEgLDQ+1nf34yEWUoN6DjXq/XPnn YboK+XNGrqWQBTmHOQqyKmfV1JNN+KbCldbxUTzFk8yCabLwsRqXqm4MuuLcDQUm55sM nBAdZXjCOmPrAx6p/VlJFr+AXuW0xUqsjtQiVjJEHdL17G1zsh0F6JPteAaNLDG9sCaw vBjoaiF52NG8wNRmY1SQkSVUSNkxp/cuqECCVpDt+Xez3V5pPW36Ci+iZQ8k9cml4hnS mbPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:reply-to:to:date :mime-version:content-transfer-encoding; bh=Ck9hvHnsKJgd1hcPZG/SMggLZeih8wnYTXUv8tPWEJQ=; b=jyuPZVzkFtxQ6EeQL97de9c+/A5delg2qmiW8eGRzvBTWcfGydLtRbqScIm4CMmFQK u53Ltx8Zk6siPST9r8cOrSiNJx2eEfzD/V3cHYHHQe9xV9eV9lhXrQwF4wqXXW1uxtLU ikMU0/3UW5JAwvG+ioUKomrrI26fOt/TkcVuCkB+nGM1u/UvkCf3A2TpIU+xqLv3oyvw hRcXjktZNV0S2aEPunq3Lpbdv8Y1rYhQex0+rSHkBawcYTWN1WH7hgWzKsF+ipFES7Yq zardwYukp04VYuEnEKaB9pLk8HA78XiUxKJNvGhjeqHFIXX2fqkvzEAZe7BIqBDvI23H GCnA== X-Gm-Message-State: ALKqPwdkH1yUvcK2IgPZ5NC6S18suPdqKksyKzbSUiPxYlxS3TYqw+Kx Brn13C9/jRgFRNjAJUlIMPf4aSRL X-Google-Smtp-Source: AB8JxZq4CYUZAW7CvM+XQAfw0h56vSzkXg6HIf0cQ2ROfQny1d0nS0yFRuRqVVJmUkBvNBv10V1z5A== X-Received: by 2002:adf:da4b:: with SMTP id r11-v6mr3027846wrl.154.1526176235842; Sat, 12 May 2018 18:50:35 -0700 (PDT) Received: from core.net.isedev.eu (cpc112689-nmal22-2-0-cust433.19-2.cable.virginm.net. [86.13.29.178]) by smtp.gmail.com with ESMTPSA id m69-v6sm5324005wmd.47.2018.05.12.18.50.34 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 12 May 2018 18:50:35 -0700 (PDT) Message-ID: <1526176234.17728.14.camel@gmail.com> Subject: Possible memory leak in fts.c From: ISE Development To: bug-coreutils@gnu.org Content-Type: text/plain; charset="UTF-8" Date: Sun, 13 May 2018 02:50:34 +0100 Mime-Version: 1.0 X-Mailer: Evolution 3.24.6 (3.24.6-1.fc26) Content-Transfer-Encoding: 7bit X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Sun, 13 May 2018 04:32:37 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: isedev@gmail.com Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Hi, I may be wrong but I suspect there is a corner case where fts_close() will not free the FTSENT structures correctly if called immediately after fts_open(). After fts_open(), the current entry is a dummy entry created as follows: if ((sp->fts_cur = fts_alloc(sp, "", 0)) == NULL) goto mem3; sp->fts_cur->fts_link = root; sp->fts_cur->fts_info = FTS_INIT; It would normally be freed during the first invocation of fts_read(). In fts_close(): if (sp->fts_cur) { for (p = sp->fts_cur; p->fts_level >= FTS_ROOTLEVEL;) { freep = p; p = p->fts_link != NULL ? p->fts_link : p->fts_parent; free(freep); } free(p); } However, fts_alloc() does not clear or set fts_level, nor does it zero the entire FTSENT structure. So as far as I can figure, it is possible for the fts_level of the dummy entry to be negative after fts_open() causing fts_close() not to free the actual root level entries. -- isedev ------------=_1526262722-24058-1-- From unknown Sat Aug 16 11:39:59 2025 X-Loop: help-debbugs@gnu.org Subject: bug#31439: [PATCH] fts: avoid a memory leak edge case Resent-From: Kamil Dudka Original-Sender: "Debbugs-submit" Resent-CC: bug-coreutils@gnu.org Resent-Date: Mon, 14 May 2018 08:07:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 31439 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: To: =?UTF-8?Q?P=C3=A1draig?= Brady Cc: isedev@gmail.com, bug-gnulib@gnu.org, 31439@debbugs.gnu.org, 31439-done@debbugs.gnu.org X-Debbugs-Original-Cc: isedev@gmail.com, bug-gnulib , bug-coreutils@gnu.org, 31439-done@debbugs.gnu.org Received: via spool by submit@debbugs.gnu.org id=B.152628520927294 (code B ref -1); Mon, 14 May 2018 08:07:01 +0000 Received: (at submit) by debbugs.gnu.org; 14 May 2018 08:06:49 +0000 Received: from localhost ([127.0.0.1]:33149 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fI8VM-00076A-TO for submit@debbugs.gnu.org; Mon, 14 May 2018 04:06:49 -0400 Received: from eggs.gnu.org ([208.118.235.92]:42079) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fI8VL-00075m-Vj for submit@debbugs.gnu.org; Mon, 14 May 2018 04:06:48 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fI8VF-0005PO-Ti for submit@debbugs.gnu.org; Mon, 14 May 2018 04:06:42 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:39274) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fI8VF-0005P9-QE for submit@debbugs.gnu.org; Mon, 14 May 2018 04:06:41 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33030) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fI8VC-0005pP-F7 for bug-coreutils@gnu.org; Mon, 14 May 2018 04:06:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fI8VB-0005MJ-QX for bug-coreutils@gnu.org; Mon, 14 May 2018 04:06:38 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:60190 helo=mx1.redhat.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fI8VB-0005Ld-L3; Mon, 14 May 2018 04:06:37 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CF239F63E4; Mon, 14 May 2018 08:06:36 +0000 (UTC) Received: from kdudka-nb.localnet (unknown [10.43.2.7]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0EA951102E31; Mon, 14 May 2018 08:06:35 +0000 (UTC) From: Kamil Dudka Date: Mon, 14 May 2018 10:06:53 +0200 Message-ID: <46255241.Q7TL09QWni@kdudka-nb> In-Reply-To: <7bc40e54-17a7-93f2-3d94-4852f7891fa1@draigBrady.com> References: <1526176234.17728.14.camel@gmail.com> <7bc40e54-17a7-93f2-3d94-4852f7891fa1@draigBrady.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-1" X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Mon, 14 May 2018 08:06:36 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Mon, 14 May 2018 08:06:36 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'kdudka@redhat.com' RCPT:'' X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.1 (-----) On Monday, May 14, 2018 3:51:02 AM CEST P=E1draig Brady wrote: > @@ -122,9 +139,10 @@ main (void) > perror_exit (base, 6); > while ((e =3D fts_read (ftsp))) > needles_seen +=3D strcmp (e->fts_name, "needle") =3D=3D 0; > - fflush (stdout); > if (errno) > perror_exit ("fts_read", 7); > + if (fts_close (ftsp) !=3D 0) > + perror_exit (base, 8); > =20 > /* Report an error if we did not find the needles. */ > if (needles_seen !=3D needles) Why are you removing fflush (stdout) from the test without any explanation? Kamil From unknown Sat Aug 16 11:39:59 2025 X-Loop: help-debbugs@gnu.org Subject: bug#31439: [PATCH] fts: avoid a memory leak edge case Resent-From: Bruno Haible Original-Sender: "Debbugs-submit" Resent-CC: bug-coreutils@gnu.org Resent-Date: Mon, 14 May 2018 08:29:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 31439 X-GNU-PR-Package: coreutils X-GNU-PR-Keywords: To: bug-gnulib@gnu.org Cc: isedev@gmail.com, kdudka@redhat.com, 31439@debbugs.gnu.org, P@draigbrady.com, 31439-done@debbugs.gnu.org X-Debbugs-Original-Cc: isedev@gmail.com, Kamil Dudka , bug-coreutils@gnu.org, =?UTF-8?Q?P=C3=A1draig?= Brady , 31439-done@debbugs.gnu.org Received: via spool by 31439-done@debbugs.gnu.org id=D31439.152628653829591 (code D ref 31439); Mon, 14 May 2018 08:29:01 +0000 Received: (at 31439-done) by debbugs.gnu.org; 14 May 2018 08:28:58 +0000 Received: from localhost ([127.0.0.1]:33221 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fI8qn-0007hC-Tx for submit@debbugs.gnu.org; Mon, 14 May 2018 04:28:58 -0400 Received: from mo4-p01-ob.smtp.rzone.de ([85.215.255.51]:35644) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fI8qm-0007h2-1s for 31439-done@debbugs.gnu.org; Mon, 14 May 2018 04:28:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1526286534; s=strato-dkim-0002; d=clisp.org; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender; bh=pbdbs/96jUDm/WT0T+43MR6jhUjyWJceVF2ggQ4cGNU=; b=qPJZBYJjMd0mzOzwOgf5aNnvRPS9I0x8T1Xih9LNdOiKlCUxIPCeuxl40pPeNW1hQA ShRmr+SX8YXtiFGUEL1WGqH6UudvG3BEk5Hun6XHazS7DB6Gnx9nDxW6xtJ4zI5CXZay rcUceBJqmHVQC/ssttKBOCQuN+df32eytex41TjW8urXF/+1bmBiuFecXjT3l4nGCY30 /QI4mzDIVcaSR3M5TwM6yQRCV0izLG4CbMb2wYu2QoTQTfkfXVxHk6yrfkNyQfaZ4XEc lDBXJ756yY2zUEsm9velTn1RE2VAsIXzH/p6SqGOzwdzaI0lFhUj4vcbHEWoriTMQTL0 Lk9A== X-RZG-AUTH: ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlIWs+iCP5vnk6shH+AHjwLuWOGKf9zfs=" X-RZG-CLASS-ID: mo00 Received: from bruno.haible.de by smtp.strato.de (RZmta 43.8 DYNA|AUTH) with ESMTPSA id e09803u4E8Sson0 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (curve secp521r1 with 521 ECDH bits, eq. 15360 bits RSA)) (Client did not present a certificate); Mon, 14 May 2018 10:28:54 +0200 (CEST) From: Bruno Haible Date: Mon, 14 May 2018 10:28:53 +0200 Message-ID: <5036781.ng7yQjcPWf@omega> User-Agent: KMail/5.1.3 (Linux/4.4.0-119-generic; KDE/5.18.0; x86_64; ; ) In-Reply-To: <46255241.Q7TL09QWni@kdudka-nb> References: <1526176234.17728.14.camel@gmail.com> <7bc40e54-17a7-93f2-3d94-4852f7891fa1@draigBrady.com> <46255241.Q7TL09QWni@kdudka-nb> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Kamil Dudka wrote: > Why are you removing fflush (stdout) from the test without any explanation? Yes, fflush(stdout) statements are extremely important if you want to understand/debug test failures on native Windows. Bruno