lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <boris.20231116141906@codesynthesis.com>
Date:   Thu, 16 Nov 2023 14:28:57 +0200
From:   Boris Kolpackov <boris@...esynthesis.com>
To:     Masahiro Yamada <masahiroy@...nel.org>
Cc:     linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kconfig: fix memory leak from range properties

Masahiro Yamada <masahiroy@...nel.org> writes:

> Currently, sym_validate_range() duplicates the range string using
> xstrdup(), which is overwritten by a subsequent sym_calc_value() call.
> It results in a memory leak.
> 
> [After]
> 
>   LEAK SUMMARY:
>      definitely lost: 0 bytes in 0 blocks
>      indirectly lost: 0 bytes in 0 blocks
>        possibly lost: 0 bytes in 0 blocks
>      still reachable: 17,462 bytes in 20 blocks
>           suppressed: 0 bytes in 0 blocks

FYI, there are quite a few other memory leaks in Kconfig (as evident from
the still reachable value in the above report). I believe I've fixed most
of them in this commit:

https://github.com/build2-packaging/kconfig/commit/cd9910e3636515b2980ce1d37d1984ccfd6b4cb9

In particular, I could load the Linux kernel configuration repeatedly
in a loop without causing any memory leaks or crashes (which were common
due to the state not being reset properly).

I believe the above commit also includes a fix for the sym_validate_range()
leak in question, though the way it's fixed is different. The potential
problem with the proposed fix is that it may be impossible to decide who
should free the shared value.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ