From eb54f36c48417baaa3476fed4daa4ab6ad785a38 Mon Sep 17 00:00:00 2001 From: Jin JinRu Date: Fri, 29 Dec 2017 14:44:39 +0800 Subject: [PATCH] Fixed leak issues --- configure.ac | 2 +- src/common.c | 7 ++--- src/file.c | 6 ++-- src/malloc.c | 3 +- src/retrace.c | 12 +++++++- src/sock.c | 8 ------ src/strinject.c | 6 ++-- src/write.c | 41 +++++++++++++-------------- tools/spawn/spawn.c | 4 +-- tools/stringinjector/stringinjector.c | 19 ++++--------- 10 files changed, 50 insertions(+), 58 deletions(-) diff --git a/configure.ac b/configure.ac index 018b3975..002578dd 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ(2.60) -AC_INIT([retrace], [1.0.0], [https://github.com/riboseinc/retrace/issues]) +AC_INIT([retrace], [1.0.1], [https://github.com/riboseinc/retrace/issues]) AM_INIT_AUTOMAKE([foreign subdir-objects -Wall]) m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/src/common.c b/src/common.c index 3cdecd23..da33524a 100644 --- a/src/common.c +++ b/src/common.c @@ -237,7 +237,7 @@ retrace_get_thread_file(void) if (pthread_getspecific(per_thread_logging) == NULL) { - FILE *out_file_tmp; + FILE *out_file_tmp = NULL; if (output_file_path) { char new_path[PATH_MAX + 1]; @@ -249,10 +249,9 @@ retrace_get_thread_file(void) real_snprintf(new_path, PATH_MAX, "%s.%u.%u", output_file_path, real_getpid(), pthread_self()); out_file_tmp = real_fopen(new_path, "a"); + if (out_file_tmp) + pthread_setspecific(per_thread_logging, (void *) out_file_tmp); } - - pthread_setspecific(per_thread_logging, (void *) out_file_tmp); - } return (FILE *) pthread_getspecific(per_thread_logging); diff --git a/src/file.c b/src/file.c index 92f43994..f63adae8 100644 --- a/src/file.c +++ b/src/file.c @@ -797,10 +797,10 @@ fcntl_v(int fildes, int cmd, va_list ap) r = real_fcntl(fildes, cmd, va_arg(ap, int)); if (r >= 0) { di = file_descriptor_get(fildes); - if (di->location != NULL) + if (di && di->location != NULL) { old_location = di->location; - - file_descriptor_update(r, di->type, old_location); + file_descriptor_update(r, di->type, old_location); + } } break; diff --git a/src/malloc.c b/src/malloc.c index 69db14a4..9602a9ac 100644 --- a/src/malloc.c +++ b/src/malloc.c @@ -237,14 +237,13 @@ void *RETRACE_IMPLEMENTATION(realloc)(void *ptr, size_t size) double fail_chance; int redirect = 0; + memset(&event_info, 0, sizeof(event_info)); if (ptr != NULL) { if (map_bit(ptr, 0) != 1) { event_info.extra_info = "Bad realloc (possibly already free)"; event_info.event_flags |= EVENT_FLAGS_PRINT_BEFORE; } } - - memset(&event_info, 0, sizeof(event_info)); event_info.function_name = "realloc"; event_info.function_group = RTR_FUNC_GRP_MEM; event_info.parameter_types = parameter_types; diff --git a/src/retrace.c b/src/retrace.c index 57005b39..ea1cc4b1 100644 --- a/src/retrace.c +++ b/src/retrace.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -159,7 +160,7 @@ check_executable(const char *bin_path, struct stat *st) static int check_binary_avail(const char *cmd_name, char **_bin_path) { - char *bin_path; + char *bin_path = NULL; struct stat st; int ret = -1; @@ -195,13 +196,20 @@ check_binary_avail(const char *cmd_name, char **_bin_path) break; tok = strtok(NULL, ":"); + + free(bin_path); + bin_path = NULL; } } else bin_path = strdup(cmd_name); + if (!bin_path) + return -1; + /* check avaiability of binary */ if (stat(bin_path, &st) != 0) { fprintf(stderr, "Coudln't find binary '%s' in system\n", cmd_name); + free(bin_path); return -1; } @@ -211,6 +219,8 @@ check_binary_avail(const char *cmd_name, char **_bin_path) return 0; } + free(bin_path); + return -1; } diff --git a/src/sock.c b/src/sock.c index 5779e11a..351a233a 100644 --- a/src/sock.c +++ b/src/sock.c @@ -627,7 +627,6 @@ ssize_t RETRACE_IMPLEMENTATION(sendmsg)(int sockfd, const struct msghdr *msg, in struct iovec *inject_iov = NULL; int inject_idx; - int redirected = 0; int enable_inject = 0; memset(&event_info, 0, sizeof(event_info)); @@ -677,13 +676,6 @@ ssize_t RETRACE_IMPLEMENTATION(sendmsg)(int sockfd, const struct msghdr *msg, in if (ret < 0) event_info.logging_level |= RTR_LOG_LEVEL_ERR; } - - if (redirected) { - event_info.extra_info = "[redirected]"; - event_info.event_flags = EVENT_FLAGS_PRINT_RAND_SEED | EVENT_FLAGS_PRINT_BACKTRACE; - event_info.logging_level |= RTR_LOG_LEVEL_FUZZ; - } - retrace_log_and_redirect_after(&event_info); if (enable_inject) { diff --git a/src/strinject.c b/src/strinject.c index 91894664..82265ced 100644 --- a/src/strinject.c +++ b/src/strinject.c @@ -617,7 +617,7 @@ inject(struct rtr_strinject_info *info, const void *buffer, size_t len, *inject_len = offset + addlen + taillen; *inject_buffer = real_malloc(*inject_len); - if (inject_buffer == 0) + if (*inject_buffer == NULL) goto done; real_memcpy(*inject_buffer, buffer, headlen); real_memcpy(*inject_buffer + offset + addlen, @@ -729,7 +729,7 @@ static size_t merge_iov_buffers(const struct iovec *iov, int iovcount, void **mb for (i = 0; i < iovcount; i++) { p = real_realloc(p, msize + iov[i].iov_len); if (!p) - return -1; + return 0; real_memcpy((char *) p + msize, iov[i].iov_base, iov[i].iov_len); msize += iov[i].iov_len; @@ -820,7 +820,7 @@ int rtr_str_inject_v(enum RTR_STRINJECT_FUNC_ID func_id, const struct iovec *iov /* merge iov buffers */ msize = merge_iov_buffers(iov, iovcount, &mbuf); - if (msize < 0) + if (msize == 0) return 0; /* perform injection for selected buffer */ diff --git a/src/write.c b/src/write.c index 8d89cb87..59d91825 100644 --- a/src/write.c +++ b/src/write.c @@ -156,29 +156,28 @@ ssize_t RETRACE_IMPLEMENTATION(writev)(int fd, const struct iovec *iov, int iovc for (i = 0; i < iovcnt; i++) total_nbytes += iov[i].iov_len; - if (rtr_get_config_single("incompleteio", ARGUMENT_TYPE_INT, ARGUMENT_TYPE_END, &incompleteio_limit)) { - incompleteio = 1; - real_nbytes = rtr_get_fuzzing_random() % total_nbytes; - if (real_nbytes <= incompleteio_limit) - real_nbytes = incompleteio_limit; - - if (real_nbytes > total_nbytes) - real_nbytes = total_nbytes; - - redirected = 1; - } else if (rtr_str_inject_v(STRINJECT_FUNC_WRITEV, iov, iovcnt, &inject_iov, &inject_idx)) { - redirected = 1; - enable_inject = 1; - - parameter_values[2] = &inject_iov; - } + if (total_nbytes > 0) { + if (rtr_get_config_single("incompleteio", ARGUMENT_TYPE_INT, ARGUMENT_TYPE_END, &incompleteio_limit)) { + incompleteio = 1; + real_nbytes = rtr_get_fuzzing_random() % total_nbytes; + if (real_nbytes <= incompleteio_limit) + real_nbytes = incompleteio_limit; + if (real_nbytes > total_nbytes) + real_nbytes = total_nbytes; + redirected = 1; + } else if (rtr_str_inject_v(STRINJECT_FUNC_WRITEV, iov, iovcnt, &inject_iov, &inject_idx)) { + redirected = 1; + enable_inject = 1; + + parameter_values[2] = &inject_iov; + } - if (redirected) { - event_info.extra_info = "[redirected]"; - event_info.event_flags = EVENT_FLAGS_PRINT_RAND_SEED | EVENT_FLAGS_PRINT_BACKTRACE; - event_info.logging_level |= RTR_LOG_LEVEL_FUZZ; + if (redirected) { + event_info.extra_info = "[redirected]"; + event_info.event_flags = EVENT_FLAGS_PRINT_RAND_SEED | EVENT_FLAGS_PRINT_BACKTRACE; + event_info.logging_level |= RTR_LOG_LEVEL_FUZZ; + } } - retrace_log_and_redirect_before(&event_info); ret = real_writev(fd, enable_inject ? inject_iov : iov, iovcnt); diff --git a/tools/spawn/spawn.c b/tools/spawn/spawn.c index af7cd19a..436b3b68 100644 --- a/tools/spawn/spawn.c +++ b/tools/spawn/spawn.c @@ -181,6 +181,7 @@ static int fork_cmd(struct rtr_spawn_opt *spawn_opt, struct fork_info *fi) tok = strtok(cmd, " "); if (!tok) { RTR_SPAWN_LOG("Invalid command '%s' at thread[#%d],\n", fi->cmd, fi->index); + free(cmd); return -1; } @@ -332,9 +333,8 @@ void rtr_spawn_finalize(struct rtr_spawn_opt *spawn_opt) /* wait until forking threads has been terminated */ for (i = 0; i < spawn_opt->num_of_forks; i++) { - if (spawn_opt->fork_list[i].th < 0) + if (spawn_opt->fork_list[i].th == 0) continue; - pthread_join(spawn_opt->fork_list[i].th, NULL); } diff --git a/tools/stringinjector/stringinjector.c b/tools/stringinjector/stringinjector.c index cd45ef7f..3fae3627 100644 --- a/tools/stringinjector/stringinjector.c +++ b/tools/stringinjector/stringinjector.c @@ -432,7 +432,7 @@ static void str_inject_func_t34(const char *src_fpath, const char *dst_fpath, co size_t read_total = 0; int inject_completed = 0; - char *inject; + char *inject = NULL; int i, count; size_t total_inject_bytes = 0; @@ -498,19 +498,14 @@ static void str_inject_func_t34(const char *src_fpath, const char *dst_fpath, co /* inject multiple hex values */ inject_multiple_hex(fp, dst_fp, buffer, read_total, read_bytes, inject, total_inject_bytes, pos, replace); - - /* free inject buffer */ - free(inject); - inject_completed = 1; } } - /* close destination file */ fclose(dst_fp); - - /* close source file */ fclose(fp); + + free(inject); } /* @@ -543,7 +538,7 @@ static void str_inject_func_t5(const char *src_fpath, const char *dst_fpath_temp /* open file which has inject lines */ inject_fp = open_file(inject_fpath, 1); - if (!inject_fpath) { + if (!inject_fp) { fprintf(stderr, "Couln't open file '%s' which has inject lines\n", inject_fpath); fclose(fp); @@ -576,10 +571,8 @@ static void str_inject_func_t5(const char *src_fpath, const char *dst_fpath_temp /* open destination file */ snprintf(dst_fpath, sizeof(dst_fpath), "%s.%d", dst_fpath_templ, inject_fcount); dst_fp = open_file(dst_fpath, 0); - if (!dst_fp) { - fclose(fp); + if (!dst_fp) continue; - } while (!feof(fp)) { size_t read_bytes; @@ -609,8 +602,8 @@ static void str_inject_func_t5(const char *src_fpath, const char *dst_fpath_temp inject_fcount++; } - /* close source file */ fclose(fp); + fclose(inject_fp); } /*