memory leak in execute_simple_command when dofork is true

From: Eduardo A . Bustamante López
Subject: memory leak in execute_simple_command when dofork is true
Date: Thu, 3 Nov 2016 22:35:55 -0600
User-agent: Mutt/1.5.20 (2009-12-10)

I ran the configure script with the following arguments:

    hp% ./configure CC=gcc-6 CFLAGS='-Wall -g -ggdb -O0 -fsanitize=address' LDFLAGS=-fsanitize=address --without-bash-malloc

Which enables the LeakSanitizer.

It detected the following memory leak:

    hp% ./bash -c ': & wait'
    ==5784==ERROR: LeakSanitizer: detected memory leaks
    Direct leak of 2 byte(s) in 1 object(s) allocated from:
        #0 0x7f0ec8737d28 in malloc 
        #1 0x559e5096b6cb in xmalloc 
        #2 0x559e508aa246 in execute_simple_command 
        #3 0x559e50899914 in execute_command_internal 
        #4 0x559e508a19a9 in execute_connection 
        #5 0x559e5089a6e9 in execute_command_internal 
        #6 0x559e5097c900 in parse_and_execute 
        #7 0x559e5086597f in run_one_command 
        #8 0x559e50863eaa in main /home/dualbus/local/src/gnu/bash/shell.c:724
        #9 0x7f0ec7eca2b0 in __libc_start_main 
    SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s).

The leak is in line 4105, since the savestring function is called (which is just a
strcpy/malloc wrapper), but the allocated memory is not FREE'd.

    hp% cat -n execute_cmd.c|sed -n '4100,4110p'
      4100           vast majority of cases. */
      4101        maybe_make_export_env ();
      4103        /* Don't let a DEBUG trap overwrite the command string to be saved with
      4104           the process/job associated with this child. */
      4105        if (make_child (savestring (the_printed_command_except_trap), async) == 0)
      4106          {
      4107            already_forked = 1;
      4108            simple_command->flags |= CMD_NO_FORK;
      4110            subshell_environment = SUBSHELL_FORK;         /* XXX */

The issue is more evident when running long commands:

    # This will start chewing chunks of ~2MB
    hp% bash -c 'while :; do : "$(printf '%.sx' {1..2097152})" & wait; done'

I think the fix is easy, since we just have to store the result of savestring
in a temporary pointer, so that we can later call FREE(p).

Eduardo Bustamante
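
Added example, not part of the original message and not bash source code: a small C model of the pattern described in the report, with a heap copy created inside the argument list next to the temporary-pointer variant the message proposes. `savestring_model`, `free_model`, `make_child_model`, `leaky_path` and `fixed_path` are hypothetical names, and the model assumes the callee neither keeps nor frees the string it is handed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static long live_bytes = 0;   /* heap bytes currently outstanding (model accounting) */

/* Stand-in for savestring(): heap copy of s, with byte accounting. */
static char *savestring_model(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p == NULL)
        abort();
    memcpy(p, s, n);
    live_bytes += (long)n;
    return p;
}

static void free_model(char *p)
{
    live_bytes -= (long)(strlen(p) + 1);
    free(p);
}

/* Hypothetical stand-in for make_child(). Assumption: it does not keep or
   free the command string, and returns 0 as the child side of a fork would. */
static int make_child_model(const char *command, int async)
{
    (void)command; (void)async;
    return 0;
}

/* Pattern from the report: no pointer to the copy survives the call. */
static long leaky_path(const char *cmd)
{
    long before = live_bytes;
    if (make_child_model(savestring_model(cmd), 1) == 0) { /* child-side work */ }
    return live_bytes - before;   /* bytes still allocated afterwards */
}

/* Proposed shape of the fix: hold the copy in a temporary, free it later. */
static long fixed_path(const char *cmd)
{
    long before = live_bytes;
    char *p = savestring_model(cmd);
    if (make_child_model(p, 1) == 0) { /* child-side work */ }
    free_model(p);
    return live_bytes - before;
}

int main(void)
{
    printf("leaky: %ld byte(s) outstanding\n", leaky_path(":"));
    printf("fixed: %ld byte(s) outstanding\n", fixed_path(":"));
    return 0;
}
```

For the one-character command `:` the leaky variant leaves 2 bytes outstanding, the same size LeakSanitizer reports in the trace above.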
