2015-07-28 04:20:50

by Atul Kumar Rai

[permalink] [raw]
Subject: [PATCH v3] android/client: Fix memory leak while using realloc()

While reallocating space to store additional "remote device set" using
realloc, if realloc() fails, the original block is left untouched but
reference to that block is lost as NULL is assigned to remote_devices.
The original block needs to be freed before return.
---
android/client/if-bt.c | 9 +++++++++
1 file changed, 9 insertions(+)

diff --git a/android/client/if-bt.c b/android/client/if-bt.c
index 4723024..c9acf6c 100644
--- a/android/client/if-bt.c
+++ b/android/client/if-bt.c
@@ -118,10 +118,19 @@ void add_remote_device(const bt_bdaddr_t *addr)

/* Realloc space if needed */
if (remote_devices_cnt >= remote_devices_capacity) {
+ bt_bdaddr_t *tmp;
+
remote_devices_capacity *= 2;
+ /*
+ * Save reference to previously allocated memory block so that
+ * it can be freed in case realloc fails.
+ */
+ tmp = remote_devices;
+
remote_devices = realloc(remote_devices, sizeof(bt_bdaddr_t) *
remote_devices_capacity);
if (remote_devices == NULL) {
+ free(tmp);
remote_devices_capacity = 0;
remote_devices_cnt = 0;
return;
--
2.1.4



2015-07-29 07:29:01

by Szymon Janc

[permalink] [raw]
Subject: Re: [PATCH v3] android/client: Fix memory leak while using realloc()

Hi Atul,

On Tuesday 28 of July 2015 09:50:50 Atul Rai wrote:
> While reallocating space to store additional "remote device set" using
> realloc, if realloc() fails, the original block is left untouched but
> reference to that block is lost as NULL is assigned to remote_devices.
> The original block needs to be freed before return.
> ---
> android/client/if-bt.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/android/client/if-bt.c b/android/client/if-bt.c
> index 4723024..c9acf6c 100644
> --- a/android/client/if-bt.c
> +++ b/android/client/if-bt.c
> @@ -118,10 +118,19 @@ void add_remote_device(const bt_bdaddr_t *addr)
>
> /* Realloc space if needed */
> if (remote_devices_cnt >= remote_devices_capacity) {
> + bt_bdaddr_t *tmp;
> +
> remote_devices_capacity *= 2;
> + /*
> + * Save reference to previously allocated memory block so that
> + * it can be freed in case realloc fails.
> + */
> + tmp = remote_devices;
> +
> remote_devices = realloc(remote_devices, sizeof(bt_bdaddr_t) *
> remote_devices_capacity);
> if (remote_devices == NULL) {
> + free(tmp);
> remote_devices_capacity = 0;
> remote_devices_cnt = 0;
> return;

Applied, thanks.

--
BR
Szymon Janc