This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-devel] Xenstored: eliminate double free and fixes for memory leak

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Xenstored: eliminate double free and fixes for memory leak
From: "Peter Teoh" <htmldeveloper@xxxxxxxxx>
Date: Mon, 17 Sep 2007 10:19:52 +0800
Delivery-date: Sun, 16 Sep 2007 19:20:31 -0700
Please review.   This patch fixes a few problems:

a.   In handle_input(), which is called from main() in
xenstored_core.c, the conn->in is freed when there is no error, but
conn is freed when there is an error. This is inconsistent. Moreover,
the conn is freed again upon exit from handle_input(), inside the

b. Another problem is that perms_to_strings() returned allocated
memory (via realloc()). The only time the value is returned is in
do_get_perms(), but immediately after send_reply(), the pointer is
immediately thrown away, resulting in a memory leak condition, as
send_reply() does not free any memory.

c.   Many of the functions like read_node(), get_parent(),
talloc_asprintf() etc all will allocate memory and return a pointer
when memory is allocated, but many times these are not freed.

Another problem identified but which I cannot fix, is that
create_hashtable() can return NULL in a low-memory condition. But this
is not checked in the recursive function check_store_(). There is no
value to specify error or not in the return value of check_store_()
(declared as void). Maybe we should change this to unsigned int or
something like that, so that an error condition can be returned?

I am still making changes to the same file, but was hesitant to
incorporate so many changes as it will make the review more difficult.

I will submit these further changes in the next posting.

Attachment: eliminate_double_free_and_mem_leak.patch
Description: Text Data
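
The leak described in item b, sketched as an added example that is not part of the original email, the attached patch, or xenstored itself. All names here (perms_to_buf, send_stub, get_perms, live_bufs, last_buf) are hypothetical stand-ins that only reproduce the ownership shape: a realloc()-built result handed to a send function that does not free it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not xenstored code; only the ownership shape matches. */
static int live_bufs;   /* serialiser results not yet freed */
static char *last_buf;  /* last result, so a harness can reclaim a leak */

/* Builds NUL-separated "r<id>" entries, growing the result with realloc().
 * The caller owns the returned buffer; *len receives its size. */
static char *perms_to_buf(const unsigned *ids, size_t n, size_t *len)
{
    char *buf = NULL, tmp[32];
    *len = 0;
    for (size_t i = 0; i < n; i++) {
        size_t w = (size_t)snprintf(tmp, sizeof tmp, "r%u", ids[i]) + 1;
        char *grown = realloc(buf, *len + w);
        if (!grown) {            /* the old block is still ours to free */
            if (buf) live_bufs--;
            free(buf);
            return last_buf = NULL;
        }
        if (!buf) live_bufs++;
        memcpy(grown + *len, tmp, w);
        buf = grown;
        *len += w;
    }
    return last_buf = buf;
}
/* Reads the data but takes no ownership, as send_reply() is said to. */
static size_t send_stub(const char *data, size_t len) { return data ? len : 0; }

/* free_after = 0 is the leaky shape (pointer dropped after the send);
 * free_after = 1 is the fix (caller frees what the serialiser returned). */
static size_t get_perms(const unsigned *ids, size_t n, int free_after)
{
    size_t len;
    char *s = perms_to_buf(ids, n, &len);
    size_t sent = send_stub(s, len);
    if (free_after && s) { free(s); live_bufs--; last_buf = NULL; }
    return sent;
}

int main(void)
{
    unsigned ids[] = { 0, 5, 12 };           /* constructed sample input */
    get_perms(ids, 3, 1); printf("fixed: %d live\n", live_bufs);
    get_perms(ids, 3, 0); printf("leaky: %d live\n", live_bufs);
    free(last_buf);                          /* reclaim the demo leak */
}
```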
