Potential Memory Leak in inn-2.6.0/lib/getaddrinfo.c

Julien ÉLIE julien at trigofacile.com
Tue Oct 13 19:27:55 UTC 2015


Hi Bill,

> In reviewing source code in inn-2.6.0, I found a call to strdup() in
> file 'getaddrinfo.c', which upon failure does not release the memory
> previously allocated to variable 'sin' via calloc().

getaddrinfo.c comes from the rra-c-util package maintained by Russ.  I 
bet he will tell when and if your kind patch is taken into account.



> Also, in sub-directory 'innfeed', file config_y.c, there are
> numerous instances of calls to calloc() which are not checked for a
> return value of NULL, indicating failure.

Would changing all calloc() calls to xcalloc() suit you?
(The same way that file already uses xmalloc().)



 > confparse.c:1090:45: warning: Access to field 'file' results in a 
dereference
 > of a null pointer (loaded from variable 'group')
 >         syswarn("%s:%u: open of %s failed", group->file, group->line, 
path);
 >                                             ^~~~~~~~~~~

group->file comes from the group struct given to parse_include(), which 
comes from the result of group_new() that uses file->filename from the 
file variable given to parse_group() taking it from 
parse_group_contents() that takes it from file_open().
When file_open() fails, it returns NULL and neither parse_group() nor 
parse_group_contents() are called.  Otherwise, file->filename is not NULL.
Besides, the group variable struct created by group_new() is not NULL.

I therefore do not see where the issue comes from.  Maybe a false 
positive from clang?

Or does it just want:

   if (group == NULL)
     return false;

at the beginning of the parse_include() function?

Yet, if that is the case, I do not understand why clang does not 
complain for line 1058 just before, where group->file is also used:
   slash = strrchr(group->file, '/');



 > confparse.c:1093:21: warning: Access to field 'included' results in a 
dereference
 > of a null pointer (loaded from variable 'group')
 >    group->included = path;
 >    ~~~~~           ^

I don't understand this one.  We're affecting "path" to 
"group->included", and not reading the value of "group->included".
group is also not NULL (created with group_new()).

-- 
Julien ÉLIE

« Les femmes seront les égales des hommes le jour où elles
   accepteront d'être chauves et de trouver que cela distingue. »
   (Coluche)


More information about the inn-workers mailing list