|
 |
a82cae |
From 979ae704ddc9e6f19d8dbf7a83bea155065ef3cc Mon Sep 17 00:00:00 2001
|
|
|
a82cae |
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
|
a82cae |
Date: Mon, 6 Feb 2017 15:26:09 +0100
|
|
|
a82cae |
Subject: [PATCH] prevent leak of class name from retrieve_hook() on an
|
|
|
a82cae |
exception
|
|
|
a82cae |
MIME-Version: 1.0
|
|
|
a82cae |
Content-Type: text/plain; charset=UTF-8
|
|
|
a82cae |
Content-Transfer-Encoding: 8bit
|
|
|
a82cae |
|
|
|
a82cae |
Ported from perl:
|
|
|
a82cae |
|
|
|
a82cae |
commit da1ec2b1b9abdfd956d9c539abf39d908d046304
|
|
|
a82cae |
Author: Tony Cook <tony@develop-help.com>
|
|
|
a82cae |
Date: Mon Feb 6 11:38:10 2017 +1100
|
|
|
a82cae |
|
|
|
a82cae |
prevent leak of class name from retrieve_hook() on an exception
|
|
|
a82cae |
|
|
|
a82cae |
If supplied with a large class name, retrieve_hook() allocates
|
|
|
a82cae |
buffer for the class name and Safefree()s it on exit path.
|
|
|
a82cae |
|
|
|
a82cae |
Unfortunately this memory leaks if load_module() (or a couple of other
|
|
|
a82cae |
code paths) throw an exception.
|
|
|
a82cae |
|
|
|
a82cae |
So use SAVEFREEPV() to release the memory instead.
|
|
|
a82cae |
|
|
|
a82cae |
==20183== 193 bytes in 1 blocks are definitely lost in loss record 4 of 6
|
|
|
a82cae |
==20183== at 0x4C28C20: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
|
|
|
a82cae |
==20183== by 0x55F85D: Perl_safesysmalloc (util.c:153)
|
|
|
a82cae |
==20183== by 0x6ACA046: retrieve_hook (Storable.xs:4265)
|
|
|
a82cae |
==20183== by 0x6AD6D19: retrieve (Storable.xs:6217)
|
|
|
a82cae |
==20183== by 0x6AD8144: do_retrieve (Storable.xs:6401)
|
|
|
a82cae |
==20183== by 0x6AD85B7: pretrieve (Storable.xs:6506)
|
|
|
a82cae |
==20183== by 0x6AD8E14: XS_Storable_pretrieve (Storable.xs:6718)
|
|
|
a82cae |
==20183== by 0x5C176D: Perl_pp_entersub (pp_hot.c:4227)
|
|
|
a82cae |
==20183== by 0x55E1C6: Perl_runops_debug (dump.c:2450)
|
|
|
a82cae |
==20183== by 0x461B79: S_run_body (perl.c:2528)
|
|
|
a82cae |
==20183== by 0x46115C: perl_run (perl.c:2451)
|
|
|
a82cae |
==20183== by 0x41F1CD: main (perlmain.c:123)
|
|
|
a82cae |
|
|
|
a82cae |
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
|
a82cae |
---
|
|
|
a82cae |
Storable.xs | 9 +++++----
|
|
|
a82cae |
1 file changed, 5 insertions(+), 4 deletions(-)
|
|
|
a82cae |
|
|
|
a82cae |
diff --git a/Storable.xs b/Storable.xs
|
|
|
a82cae |
index 3cce3ed..75ce3df 100644
|
|
|
a82cae |
--- a/Storable.xs
|
|
|
a82cae |
+++ b/Storable.xs
|
|
|
a82cae |
@@ -4249,6 +4249,11 @@ static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname)
|
|
|
a82cae |
|
|
|
a82cae |
TRACEME(("class name: %s", classname));
|
|
|
a82cae |
|
|
|
a82cae |
+ if (!(flags & SHF_IDX_CLASSNAME) && classname != buf) {
|
|
|
a82cae |
+ /* some execution paths can throw an exception */
|
|
|
a82cae |
+ SAVEFREEPV(classname);
|
|
|
a82cae |
+ }
|
|
|
a82cae |
+
|
|
|
a82cae |
/*
|
|
|
a82cae |
* Decode user-frozen string length and read it in an SV.
|
|
|
a82cae |
*
|
|
|
a82cae |
@@ -4367,8 +4372,6 @@ static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname)
|
|
|
a82cae |
SEEN0(sv, 0);
|
|
|
a82cae |
SvRV_set(attached, NULL);
|
|
|
a82cae |
SvREFCNT_dec(attached);
|
|
|
a82cae |
- if (!(flags & SHF_IDX_CLASSNAME) && classname != buf)
|
|
|
a82cae |
- Safefree(classname);
|
|
|
a82cae |
return sv;
|
|
|
a82cae |
}
|
|
|
a82cae |
CROAK(("STORABLE_attach did not return a %s object", classname));
|
|
|
a82cae |
@@ -4449,8 +4452,6 @@ static SV *retrieve_hook(pTHX_ stcxt_t *cxt, const char *cname)
|
|
|
a82cae |
SvREFCNT_dec(frozen);
|
|
|
a82cae |
av_undef(av);
|
|
|
a82cae |
sv_free((SV *) av);
|
|
|
a82cae |
- if (!(flags & SHF_IDX_CLASSNAME) && classname != buf)
|
|
|
a82cae |
- Safefree(classname);
|
|
|
a82cae |
|
|
|
a82cae |
/*
|
|
|
a82cae |
* If we had an <extra> type, then the object was not as simple, and
|
|
|
a82cae |
--
|
|
|
a82cae |
2.7.4
|
|
|
a82cae |
|