GNU bug report logs - #32604
26.1.50; memory leak in connect_network_socket


Package: emacs;

Reported by: YAMAMOTO Mitsuharu <mituharu <at> math.s.chiba-u.ac.jp>

Date: Sat, 1 Sep 2018 05:40:02 UTC

Severity: normal

Found in version 26.1.50

Done: YAMAMOTO Mitsuharu <mituharu <at> math.s.chiba-u.ac.jp>

Bug is archived. No further changes may be made.


From: mituharu <at> math.s.chiba-u.ac.jp
To: "Noam Postavsky" <npostavs <at> gmail.com>
Cc: 32604 <at> debbugs.gnu.org
Subject: bug#32604: 26.1.50; memory leak in connect_network_socket
Date: Mon, 3 Sep 2018 15:02:00 +0900
> YAMAMOTO Mitsuharu <mituharu <at> math.s.chiba-u.ac.jp> writes:
>
>> In connect_network_socket (in process.c), the memory pointed to
>> by the variable `sa’ doesn’t seem to be deallocated.
>>
>>   3328  struct sockaddr *sa = NULL;
>> :
>>   3347  while (!NILP (addrinfos))
>>   3348    {
>> :
>>   3359      if (sa)
>>   3360        free (sa);
>>   3361      sa = xmalloc (addrlen);
>> :
>>   3533    }
>> :
>>
>> The following patch would fix the leak:
>
>> +  xfree (sa);
>
> I think we would need
>
>     record_unwind_protect_ptr (xfree, sa);
>
> to handle the case where an error is signaled.  Similar to how the
> socket closing is handled:
>
>       /* Make us close S if quit.  */
>       record_unwind_protect_int (close_file_unwind, s);
>

Indeed.  Could someone double-check the patch below?

				     YAMAMOTO Mitsuharu
				mituharu <at> math.s.chiba-u.ac.jp

diff --git a/src/process.c b/src/process.c
index 676f38446e..ff53b86844 100644
--- a/src/process.c
+++ b/src/process.c
@@ -3322,6 +3322,7 @@ connect_network_socket (Lisp_Object proc,
Lisp_Object addrinfos,
                         Lisp_Object use_external_socket_p)
 {
   ptrdiff_t count = SPECPDL_INDEX ();
+  ptrdiff_t count1 UNINIT;
   int s = -1, outch, inch;
   int xerrno = 0;
   int family;
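Review bot: `count1` gives no hint of what it marks, and it is declared UNINIT at the top although it is assigned unconditionally before the loop. A name tied to its role (the specpdl index just above the entry that frees sa) would make the later `specpdl + count1` resets easier to verify.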
@@ -3344,6 +3345,9 @@ connect_network_socket (Lisp_Object proc,
Lisp_Object addrinfos,
   /* Do this in case we never enter the while-loop below.  */
   s = -1;

+  record_unwind_protect_nothing ();
+  count1 = SPECPDL_INDEX ();
+
   while (!NILP (addrinfos))
     {
       Lisp_Object addrinfo = XCAR (addrinfos);
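Review bot: A comment is missing on `record_unwind_protect_nothing ()` saying that this entry is a placeholder for freeing sa, filled in by `set_unwind_protect_ptr` inside the loop, and that it is pushed before the loop so the entry for closing S sits above it and can be discarded on its own.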
@@ -3356,9 +3360,8 @@ connect_network_socket (Lisp_Object proc,
Lisp_Object addrinfos,
 #endif

       addrlen = get_lisp_to_sockaddr_size (ip_address, &family);
-      if (sa)
-	free (sa);
-      sa = xmalloc (addrlen);
+      sa = xrealloc (sa, addrlen);
+      set_unwind_protect_ptr (count, xfree, sa);
       conv_lisp_to_sockaddr (family, ip_address, sa, addrlen);

       s = socket_to_use;
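Review bot: `set_unwind_protect_ptr (count, xfree, sa)` assumes the placeholder is the entry at index `count`, which only holds if nothing is pushed onto the specpdl between `SPECPDL_INDEX ()` at the top of the function and `record_unwind_protect_nothing ()`; the lines in between are not part of this patch. Capturing the index immediately before the placeholder is pushed, and using that here, would remove the dependency. Re-registering after each `xrealloc` is needed, since the block can move.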
@@ -3520,7 +3523,7 @@ connect_network_socket (Lisp_Object proc,
Lisp_Object addrinfos,
 #endif /* !WINDOWSNT */

       /* Discard the unwind protect closing S.  */
-      specpdl_ptr = specpdl + count;
+      specpdl_ptr = specpdl + count1;
       emacs_close (s);
       s = -1;
       if (0 <= socket_to_use)
@@ -3591,6 +3594,7 @@ connect_network_socket (Lisp_Object proc,
Lisp_Object addrinfos,
 	  Lisp_Object data = get_file_errno_data (err, contact, xerrno);

 	  pset_status (p, list2 (Fcar (data), Fcdr (data)));
+	  unbind_to (count, Qnil);
 	  return;
 	}

@@ -3610,7 +3614,7 @@ connect_network_socket (Lisp_Object proc,
Lisp_Object addrinfos,
   p->outfd = outch;

   /* Discard the unwind protect for closing S, if any.  */
-  specpdl_ptr = specpdl + count;
+  specpdl_ptr = specpdl + count1;

   if (p->is_server && p->socktype != SOCK_DGRAM)
     pset_status (p, Qlisten);
@@ -3671,6 +3675,7 @@ connect_network_socket (Lisp_Object proc,
Lisp_Object addrinfos,
     }
 #endif

+  unbind_to (count, Qnil);
 }

 /* Create a network stream/datagram client/server process.  Treated
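
The pattern discussed in this message, as an added example that is not part of the original post and is not Emacs code: a toy unwind stack (all names hypothetical, with `setjmp`/`longjmp` standing in for a signaled error) showing that freeing `sa` only at the end still leaks when an error is signaled mid-loop, while a placeholder slot refreshed after each reallocation does not.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
/* Toy unwind stack standing in for Emacs's specpdl; all names are hypothetical.  */
static struct unwind_entry { void (*func) (void *); void *arg; } unwind_stack[8];
static int unwind_top, live_blocks;
static void *last_block;
static jmp_buf error_handler;
static void *counted_realloc (void *p, size_t n) {
  void *q = realloc (p, n);
  if (!q) abort ();
  live_blocks += !p;            /* a fresh block, not a resize */
  return last_block = q;
}
static void counted_free (void *p) {
  if (p) { free (p); live_blocks--; last_block = NULL; }
}
/* Run and pop every entry at or above INDEX, newest first.  */
static void unbind_to_index (int index) {
  while (unwind_top > index)
    if (unwind_stack[--unwind_top].func)
      unwind_stack[unwind_top].func (unwind_stack[unwind_top].arg);
}
/* Model a signaled error: run the cleanups, then leave non-locally.  */
static void signal_error (void) { unbind_to_index (0); longjmp (error_handler, 1); }
/* One buffer resized per address; the "connect" for FAIL_AT signals.  */
static void connect_loop (int n_addrs, int fail_at, int protect) {
  int count = unwind_top;
  char *sa = NULL;
  if (protect) /* Placeholder slot, filled in once SA exists.  */
    unwind_stack[unwind_top++] = (struct unwind_entry) { NULL, NULL };
  for (int i = 0; i < n_addrs; i++) {
    sa = counted_realloc (sa, 16 * (i + 1));
    if (protect) /* realloc may move the block: refresh the slot.  */
      unwind_stack[count] = (struct unwind_entry) { counted_free, sa };
    if (i == fail_at) signal_error ();
  }
  if (protect) unbind_to_index (count); else counted_free (sa);
}
/* Blocks still allocated after one run (any leak is then released).  */
int leaked_after (int n_addrs, int fail_at, int protect) {
  unwind_top = live_blocks = 0;
  if (setjmp (error_handler) == 0) connect_loop (n_addrs, fail_at, protect);
  free (last_block); last_block = NULL;
  return live_blocks;
}
int main (void) {
  printf ("%d %d\n", leaked_after (3, 1, 0), leaked_after (3, 1, 1));
  return 0;
}
```

With `protect` set to 0 the function models the first proposed fix (a single free at the end); with 1 it models the placeholder-slot approach.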






This bug report was last modified 6 years and 343 days ago.