libsel4utils: load_segment memory leak bug
hello: i found a bug memory leak bug in libsel4utils/src/elf.c static int load_segment(vspace_t *loadee_vspace, vspace_t *loader_vspace, vka_t *loadee_vka, vka_t *loader_vka, const char *src, size_t file_size, int num_regions, sel4utils_elf_region_t regions[num_regions], int region_index) { seL4_CPtr loader_slot; cspacepath_t loader_frame_cap; error = vka_cspace_alloc(loader_vka, &loader_slot); [1] while (pos < segment_size && error == seL4_NoError) { reservation_t reservation; if (loadee_vaddr < region.reservation_vstart) { if ((region_index - 1) < 0) { ZF_LOGE("Invalid regions: bad elf file."); return 1; [2] } } if [2] happned, it not free the prev alloc memory, and then it's memory will be leaked. i think the correct way is invoke vka_cspace_free() before return.
Hi wzt,
i found a bug memory leak bug in libsel4utils/src/elf.c
static int load_segment(vspace_t *loadee_vspace, vspace_t *loader_vspace, vka_t *loadee_vka, vka_t *loader_vka, const char *src, size_t file_size, int num_regions, sel4utils_elf_region_t regions[num_regions], int region_index) { seL4_CPtr loader_slot; cspacepath_t loader_frame_cap;
error = vka_cspace_alloc(loader_vka, &loader_slot); // [1] while (pos < segment_size && error == seL4_NoError) { reservation_t reservation; if (loadee_vaddr < region.reservation_vstart) { if ((region_index - 1) < 0) { ZF_LOGE("Invalid regions: bad elf file."); return 1; // [2] } }
if [2] happned, it not free the prev alloc memory, and then it's memory will be leaked. i think the correct way is invoke vka_cspace_free() before return.
Indeed, This looks like a bug. Could you create an issue at https://github.com/seL4/seL4_libs/issues and in case you already have a patch to fix this, also create a pull request there? Axel
Probably preaching to the choir, but at least somebody dabbling in the code might be interested: Such an error is possible anywhere you have a function with more than a single point of exit. Wherever possible, code should only have one point of entry and one point of exit whether it is a function or a code block. Hopefully there are not a lot of these in the code. I see this done by a lot of strong coders, but it's still poor practice that leads to bugs. Real code in production sees changes from coders who may not be aware of cleanup required. Even if various branches carefully clean up in the original code, a single change can break the system. I try to construct the allocate, check, action, deallocate logic similar to the below before coding the action. static statustype myfun(argtype arg){ statustype mystatus=S_FAILURE; itemtype myitem=allocateitem(arg); if(myitem==NULL) { LogError(S_ITEMEMPTY,"FAILED"); } else { mystatus=action(myitem); deallocateitem(myitem); } return(mystatus); } Code above is working C code that I did as a reality check. If somebody wants to tinker, they can get in touch and I will email the source file if they like. Cheers! On Mon, May 31, 2021 at 5:46 AM Axel Heider <axelheider@gmx.de> wrote:
Hi wzt,
i found a bug memory leak bug in libsel4utils/src/elf.c
static int load_segment(vspace_t *loadee_vspace, vspace_t *loader_vspace, vka_t *loadee_vka, vka_t *loader_vka, const char *src, size_t file_size, int num_regions, sel4utils_elf_region_t regions[num_regions], int region_index) { seL4_CPtr loader_slot; cspacepath_t loader_frame_cap;
error = vka_cspace_alloc(loader_vka, &loader_slot); // [1] while (pos < segment_size && error == seL4_NoError) { reservation_t reservation; if (loadee_vaddr < region.reservation_vstart) { if ((region_index - 1) < 0) { ZF_LOGE("Invalid regions: bad elf file."); return 1; // [2] } }
if [2] happned, it not free the prev alloc memory, and then it's memory will be leaked. i think the correct way is invoke vka_cspace_free() before return.
Indeed, This looks like a bug. Could you create an issue at https://github.com/seL4/seL4_libs/issues and in case you already have a patch to fix this, also create a pull request there?
Axel _______________________________________________ Devel mailing list -- devel@sel4.systems To unsubscribe send an email to devel-leave@sel4.systems
-- Bob Trower --- From Gmail webmail account. ---
participants (3)
-
Axel Heider
-
Bob Trower
-
wzt wzt