From 94ee1251cb0984ca2683c682dda0bb4ab8148508 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 23 Apr 2010 23:55:03 -0400 Subject: [PATCH 1/2] fix a leak when unpausing evrpc requests --- evrpc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/evrpc.c b/evrpc.c index ba72e24d..43f4dcb5 100644 --- a/evrpc.c +++ b/evrpc.c @@ -774,6 +774,7 @@ evrpc_resume_request(void *vbase, void *ctx, enum EVRPC_HOOK_RESULT res) (*pause->cb)(pause->ctx, res); TAILQ_REMOVE(head, pause, next); + mm_free(pause); return (0); } From f6ab2a2811477547347b395789c0340c38603944 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 23 Apr 2010 23:55:30 -0400 Subject: [PATCH 2/2] Fix a memory leak when unmarshalling RPC object arrays The old code would use type_var_add() for its side-effect of expanding the array, then leak the new object that was added to the array. The new code adds a static function to handle the array resizing. --- event_rpcgen.py | 40 +++++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/event_rpcgen.py b/event_rpcgen.py index 9eb75762..05f0a362 100755 --- a/event_rpcgen.py +++ b/event_rpcgen.py 
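Review bot: In the evrpc.c hunk of patch 1/2, the callback `(*pause->cb)(pause->ctx, res);` still runs while `pause` is linked into the list, which becomes riskier now that the node is freed afterwards. If a callback can ever re-enter evrpc_resume_request() for the same ctx (not visible from this hunk), the inner call would find and free the node, and the outer `TAILQ_REMOVE`/`mm_free(pause)` would then operate on freed memory. Unlinking first closes that window: move `TAILQ_REMOVE(head, pause, next);` above the callback invocation and keep `mm_free(pause);` after it. The function body starts outside the hunk, so confirm that the lookup of `pause` does not hold other references to it.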
@@ -1134,20 +1134,29 @@ class EntryArray(Entry): 'msg->%(name)s_data[msg->%(name)s_length - 1]' % self.GetTranslation(), 'value') code = [ + 'static int', + '%(parent_name)s_%(name)s_expand_to_hold_more(' + 'struct %(parent_name)s *msg)', + '{', + ' int tobe_allocated = msg->%(name)s_num_allocated;', + ' %(ctype)s* new_data = NULL;', + ' tobe_allocated = !tobe_allocated ? 1 : tobe_allocated << 1;', + ' new_data = (%(ctype)s*) realloc(msg->%(name)s_data,', + ' tobe_allocated * sizeof(%(ctype)s));', + ' if (new_data == NULL)', + ' return -1;', + ' msg->%(name)s_data = new_data;', + ' msg->%(name)s_num_allocated = tobe_allocated;', + ' return 0;' + '}', + '', '%(ctype)s %(optpointer)s', '%(parent_name)s_%(name)s_add(' 'struct %(parent_name)s *msg%(optaddarg)s)', '{', ' if (++msg->%(name)s_length >= msg->%(name)s_num_allocated) {', - ' int tobe_allocated = msg->%(name)s_num_allocated;', - ' %(ctype)s* new_data = NULL;', - ' tobe_allocated = !tobe_allocated ? 1 : tobe_allocated << 1;', - ' new_data = (%(ctype)s*) realloc(msg->%(name)s_data,', - ' tobe_allocated * sizeof(%(ctype)s));', - ' if (new_data == NULL)', + ' if (%(parent_name)s_%(name)s_expand_to_hold_more(msg)<0)', ' goto error;', - ' msg->%(name)s_data = new_data;', - ' msg->%(name)s_num_allocated = tobe_allocated;', ' }' ] code = TranslateList(code, self.GetTranslation()) 
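Review bot: The generated `_expand_to_hold_more` helper doubles an `int` and multiplies it by `sizeof(%(ctype)s)` with no overflow check, and it is now called directly from the unmarshal path, where the element count presumably comes from the peer's message. The helper should return -1 before the shift when the count can no longer be doubled, for example `'  if (tobe_allocated > INT_MAX / 2 || (size_t)tobe_allocated * 2 > SIZE_MAX / sizeof(%(ctype)s))'` followed by `'    return -1;'`. Whether the generated file already includes the headers for those limits is not visible here. Separately, `'  return 0;'` is missing its trailing comma, so Python joins it with the following `'}',` into one output line; the C is still valid, but the comma should be added. The enclosing method starts outside the hunk.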
@@ -1193,17 +1202,14 @@ class EntryArray(Entry): 'buf' : buf, 'tag' : tag_name, 'init' : self._entry.GetInitializer()}) - if self._optaddarg: - code = [ - 'if (%(parent_name)s_%(name)s_add(%(var)s, %(init)s) == NULL)', - ' return (-1);' ] - else: - code = [ - 'if (%(parent_name)s_%(name)s_add(%(var)s) == NULL)', - ' return (-1);' ] + code = [ + 'if (%(var)s->%(name)s_length >= %(var)s->%(name)s_num_allocated &&', + ' %(parent_name)s_%(name)s_expand_to_hold_more(%(var)s) < 0) {', + ' puts("HEY NOW");', + ' return (-1);', + '}'] # the unmarshal code directly returns - code += [ '--%(var)s->%(name)s_length;' % translate ] code = TranslateList(code, translate) self._index = '%(var)s->%(name)s_length' % translate
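Review bot: The generated failure branch contains `'  puts("HEY NOW");'`, which looks like leftover debugging output. It would make every generated unmarshal function write to the program's stdout when the array cannot grow, so drop that line and keep only `'  return (-1);'` inside the braces. Also, because `_add` is no longer called, nothing in this hunk initialises the slot at `_data[_length]` before it is unmarshalled into, and the `'init'` entry in `translate` appears unused by the new lines. Please confirm that the code outside the hunk fully writes the slot and only bumps `_length` after a successful unmarshal, so that no cleanup path touches an uninitialised element.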