Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes from Coverity Report (12/01/2017) #66

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Fixes from Coverity Report (12/01/2017) #66

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
2ee3265
Update nxt_conn_write.c
RanierV Dec 1, 2017
676ab95
Update nxt_php_sapi.c
RanierV Dec 1, 2017
ec6cdeb
Update nxt_time_parse.c
RanierV Dec 1, 2017
858cb4d
Update nxt_socketpair.c
RanierV Dec 1, 2017
9173b78
Update nxt_process_title.c
RanierV Dec 1, 2017
a67463b
Update nxt_linux_sendfile.c
RanierV Dec 1, 2017
d28a21b
Update nxt_event_conn_job_sendfile.c
RanierV Dec 1, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Update nxt_process_title.c 
CID 200480 (#2 of 2): Resource leak (RESOURCE_LEAK)22. leaked_storage: Variable p going out of scope leaks the storage it points to.
  • Loading branch information
@RanierV
RanierV authored Dec 1, 2017
commit 9173b78be5fee9308f302de890fc43363b29f160
18 changes: 12 additions & 6 deletions src/nxt_process_title.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,11 +116,6 @@ nxt_process_arguments(nxt_task_t *task, char **orig_argv, char ***orig_envp)
}
}

p = nxt_malloc(strings_size);
if (p == NULL) {
return;
}

if (argv_end == end) {
/*
* There is no reason to modify environ if arguments
Expand All @@ -130,6 +125,11 @@ nxt_process_arguments(nxt_task_t *task, char **orig_argv, char ***orig_envp)
goto done;
}

p = nxt_malloc(strings_size);
Copy link
Contributor

@alejandro-colomar alejandro-colomar Sep 1, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you move p after the other goto done, you'll arrive at nxt_free() with an uninitialized pointer, which will result in Undefined Behavior.

That is, consider you jump to done from line 125 after this patch. You'll free p, which is uninitialized, and contains a random value. That will likely crash.

if (p == NULL) {
goto done;
}

end = argv[0];

for (i = 0; argv[i] != NULL; i++) {
Expand All @@ -149,7 +149,7 @@ nxt_process_arguments(nxt_task_t *task, char **orig_argv, char ***orig_envp)

env = nxt_malloc(environ_size);
if (env == NULL) {
return;
goto done;
}

/*
Expand Down Expand Up @@ -178,6 +178,12 @@ nxt_process_arguments(nxt_task_t *task, char **orig_argv, char ***orig_envp)
}

done:
if (p != NULL) {
nxt_free(p);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, I just saw this old PR around, and had a fast look at it. nxt_free(), as well as free(3), can handle NULL just fine. The conditionals are not necessary.

}
if (env != NULL) {
nxt_free(env);
}

/* Preserve space for the trailing zero. */
end--;
Expand Down