blob: 83d21e2ec72ef3e4f8d09ea4f036b03f44866f67 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
From patchwork Wed Oct 21 06:02:30 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: libc/stdlib: canonicalize_file_name() memory leak
From: =?utf-8?q?Wojciech_Nizi=C5=84ski?= <niziak@spox.org>
X-Patchwork-Id: 533608
Message-Id: <loom.20151021T080015-833@post.gmane.org>
To: uclibc@uclibc.org
Date: Wed, 21 Oct 2015 06:02:30 +0000 (UTC)
System based on Buildroot 2014.11
Linux 3.10.88
uclibc 0.9.33.2 (also with 1.0.2)
systemd 216
gcc 4.8.3 (also with 4.9.2)
Bug:
After 2 days system is out of memory. PID 1 (systemd) is allocating.
over 120MB od RAM..
Just after reboot PID 1 is taking only about 600kB.
How to reproduce:
With every systemd service reload or restart, heap of PID 1 grows.
Try with command:
watch -n1 \
'systemctl stop systemd-sysctl ; grep heap /proc/1/smaps -A15; free'
Source of bug:
Uclibc's canonicalize_file_name() is allocating temprary buffer of.
4kB (PATH_MAX), and passing it to realpath() as second argument..
Function canonicalize... is not checking if realpath() fails and.
memory is lost.
Backtrace:
#0 malloc (bytes=4096) at libc/stdlib/malloc-standard/malloc.c:844
#1 canonicalize_file_name.
(name="/etc/systemd/system/systemd-sysctl.service.d") at.
libc/stdlib/canonicalize.c:30
#2 path_strv_resolve (...) at src/shared/path-util.c:275
Solution:
Do not use temporary buffer like in eglibc.
Function realpath() will be responsible for allocation.
From: Wojciech Nizinski <w.nizinski@grinn-global.com>
Date: Tue, 20 Oct 2015 14:08:09 +0200
Subject: [PATCH]libc/stdlib: canonicalize_file_name() memory leak
Uclibc's canonicalize_file_name() is allocating temprary buffer of 4kB
(PATH_MAX), and passing it to realpath() as second argument. Function is
not checking if realpath() fails and memory is lost.
---
Upstream-Status: Submitted
libc/stdlib/canonicalize.c | 21 +--------------------
1 file changed, 1 insertion(+), 20 deletions(-)
diff --git a/libc/stdlib/canonicalize.c b/libc/stdlib/canonicalize.c
index 06e710a..da09d58 100644
--- a/libc/stdlib/canonicalize.c
+++ b/libc/stdlib/canonicalize.c
@@ -9,30 +9,11 @@
*/
#include <stdlib.h>
-#include <limits.h>
#ifdef __USE_GNU
-#ifndef PATH_MAX
-# ifdef _POSIX_VERSION
-# define PATH_MAX _POSIX_PATH_MAX
-# else
-# ifdef MAXPATHLEN
-# define PATH_MAX MAXPATHLEN
-# else
-# define PATH_MAX 1024
-# endif
-# endif
-#endif
-
char * canonicalize_file_name (const char *name)
{
- char *buf = (char *) malloc(PATH_MAX);
-
- if(unlikely(buf == NULL))
- return NULL;
-
- *buf='\0';
- return realpath (name, buf);
+ return realpath (name, NULL);
}
#endif
|