Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

String::changeBuffer memory leak and crash #3555

Closed
me21 opened this issue Aug 29, 2017 · 5 comments
Closed

String::changeBuffer memory leak and crash #3555

me21 opened this issue Aug 29, 2017 · 5 comments
Assignees
@d-a-v
Labels
component: core type: bug
Milestone
2.5.0

Comments

@me21
Copy link

me21 commented Aug 29, 2017
edited
Loading

According to realloc() description, if reallocation fails, old buffer is not freed and null pointer is returned.

Now see String::changeBuffer() implementation:

unsigned char String::changeBuffer(unsigned int maxStrLen) {
    size_t newSize = (maxStrLen + 16) & (~0xf);
    char *newbuffer = (char *) realloc(buffer, newSize);
    if(newbuffer) {
        size_t oldSize = capacity + 1; // include NULL.
        if (newSize > oldSize)
        {
            memset(newbuffer + oldSize, 0, newSize - oldSize);
        }
        capacity = newSize - 1;
        buffer = newbuffer;
        return 1;
    }
    buffer = newbuffer;
    return 0;
}

If newbuffer is null, then old buffer pointer is overwritten and lost, leading to memory leak.

Moreover, if String::indexOf is called later, it will try to dereference null buffer pointer.
@me21 me21 changed the title String::changeBuffer memory leak String::changeBuffer memory leak and crash Aug 29, 2017
@me21 me21 mentioned this issue Aug 29, 2017
Closed
@me21
Copy link
Author

me21 commented Aug 29, 2017
edited
Loading

Other places where buffer is not checked for NULL are String::getBytes, String::substring, String::replace(const String&, const String&), String::remove and String::lastIndexOf.

@me21
Copy link
Author

me21 commented Aug 30, 2017

This issue is partially duplicate of #3516, but perhaps buffer checking in the aforementioned functions is worth adding.

@d-a-v d-a-v mentioned this issue Dec 12, 2017
Closed
@igrr igrr added this to the 2.5.0 milestone Dec 27, 2017
@devyte devyte self-assigned this Jan 3, 2018
@devyte devyte assigned d-a-v and unassigned devyte Feb 8, 2018
@d-a-v
Copy link
Collaborator

d-a-v commented Feb 8, 2018

@me21 the bugs you mention have been fixed since then:

String::changeBuffer() and also realloc() behaviour in case of OOM.

Can you check if now all is OK on your side / ESPAsync libs ?

@me21
Copy link
Author

me21 commented Feb 8, 2018

Looks like. I will let know if something happens.

@d-a-v
Copy link
Collaborator

d-a-v commented Feb 8, 2018

Thanks!
Please open a new issue if something wrong is found.

@d-a-v d-a-v closed this as completed Feb 8, 2018
@Tito1337 Tito1337 mentioned this issue Feb 8, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@d-a-v d-a-v

Labels
component: core type: bug
Projects
None yet
Milestone
2.5.0
Development

No branches or pull requests
4 participants
@me21 @igrr @d-a-v @devyte