From ea089f8c71775bc0e37c00883bcf3244f0683c7b Mon Sep 17 00:00:00 2001
From: Marcelo Araujo
Date: Fri, 25 May 2018 02:07:05 +0000
Subject: [PATCH] Fix a memory leak on topology_parse().

strdup(3) allocates memory for a copy of the string, does the copy and returns a pointer to it. If there is no sufficient memory NULL is returned and the global errno is set to ENOMEM. We do a sanity check to see if it was possible to allocate enough memory. Also as we allocate memory, we need to free this memory used. Or it will going out of scope leaks the storage it points to.

Reviewed by: rgrimes
MFC after: 3 weeks.
X-MFC: r332298
Sponsored by: iXsystems Inc.
Differential Revision: https://reviews.freebsd.org/D15550
---
 usr.sbin/bhyve/bhyverun.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/bhyve/bhyverun.c b/usr.sbin/bhyve/bhyverun.c
index 8c8033249e0a..6e813a10001e 100644
--- a/usr.sbin/bhyve/bhyverun.c
+++ b/usr.sbin/bhyve/bhyverun.c
@@ -193,6 +193,7 @@ topology_parse(const char *opt)
 c = 1, n = 1, s = 1, t = 1;
 ns = false, scts = false;
 str = strdup(opt);
+ assert(str != NULL);

 while ((cp = strsep(&str, ",")) != NULL) {
 if (sscanf(cp, "%i%n", &tmp, &chk) == 1) {
@@ -218,11 +219,13 @@ topology_parse(const char *opt)
 } else if (cp[0] == '\0')
 continue;
 else
- return (-1);
+ goto out;
 /* Any trailing garbage causes an error */
 if (cp[chk] != '\0')
- return (-1);
+ goto out;
 }
+ free(str);
+
 /*
 * Range check 1 <= n <= UINT16_MAX all values
 */
@@ -248,6 +251,10 @@ topology_parse(const char *opt)
 cores = c;
 threads = t;
 return(0);
+
+out:
+ free(str);
+ return (-1);
 }

 static int
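Review bot: The `assert(str != NULL)` added after `strdup(opt)` is not a dependable allocation check, because it compiles away when NDEBUG is defined. In that build a NULL `str` makes `strsep()` return NULL immediately, so the parsing loop is skipped and the topology option appears to be silently ignored instead of rejected. An explicit test that uses the function's existing error return holds in every build, for example `if (str == NULL) return (-1);`. topology_parse() starts before this hunk, so how callers report the -1 is not visible here.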
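Review bot: `free(str)` after the loop, and again under the `out:` label in the last hunk, receives the pointer that `strsep(&str, ",")` has been advancing, not the one `strdup()` returned. When the loop ends normally `str` is NULL, so the free is a no-op and the copy still leaks. On the `goto out` paths `str` is either NULL or points just past a comma inside the buffer, and passing an interior pointer to free() is undefined behavior that can corrupt the heap. Keep the original pointer in a second variable and free that one: `tofree = str = strdup(opt);` and `free(tofree);` at both sites. The declaration of `str` is outside the hunks shown, so the extra `char *tofree` would be added there.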