From patchwork Sat May 17 11:40:13 2025
X-Patchwork-Submitter: Dmitry Kovalenko
X-Patchwork-Id: 112450
Message-ID: <2366b220-df55-429e-b492-aec3ac28e3cd@postgrespro.ru>
Date: Sat, 17 May 2025 14:40:13 +0300
From: Dmitry Kovalenko
Subject: [PATCH] locale: memory leak in newlocale (BZ #25770)
To: libc-alpha@sourceware.org

It is a fix for a memory leak in the function 'newlocale' (the real name is __newlocale). The memory for the local buffer 'locale_path' is not released.

https://sourceware.org/bugzilla/show_bug.cgi?id=25770

I made the minimal changes to avoid unnecessary reformatting/refactoring of the source code.

Potential problems:

- in 'label__cleanup_and_return_null' free(...) may change the current errno.
- in 'label__free_cnt_data_and_exit' _nl_remove_locale and __libc_rwlock_unlock may reset the current errno.

These problems were not introduced by the patch; they already exist in the current code.

---

Patch was tested on Ubuntu 24.04. My 'LOCPATH' environment variable is "/snap/code/193/usr/lib/locale".
With an original (system) libc I have the following problem:

    #0 0x7d5c3aafc778 in realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:85
    #1 0x7d5c394b05f2 in __argz_add_sep string/argz-addsep.c:34
    #2 0x7d5c39439bdb in __newlocale locale/newlocale.c:111
    #3 0x7d5c370e58fc (/lib/x86_64-linux-gnu/libp11-kit.so.0+0x1098fc) (BuildId: 1cbcd6ac7e0ff0259eb3acc14d556d2c1ec00cdc)
    #4 0x7d5c3b14571e in call_init elf/dl-init.c:74
    #5 0x7d5c3b145823 in call_init elf/dl-init.c:120
    #6 0x7d5c3b145823 in _dl_init elf/dl-init.c:121
    #7 0x7d5c3b15f59f  (/lib64/ld-linux-x86-64.so.2+0x1f59f) (BuildId: 1c8db5f83bba514f8fd5f1fb6d7be975be1bb855)

SUMMARY: AddressSanitizer: 46 byte(s) leaked in 1 allocation(s).

When I run with my corrected libc, through runtest.sh, all is OK.

Signed-off-by: Dmitry Kovalenko

From 70236429947b5685df66bddafdff2738daa7e960 Mon Sep 17 00:00:00 2001
From: "d.kovalenko"
Date: Sat, 17 May 2025 13:33:16 +0300
Subject: [PATCH] locale: memory leak in newlocale (BZ #25770)
To: libc-alpha@sourceware.org

---
 locale/newlocale.c | 34 +++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 11 deletions(-)

diff --git a/locale/newlocale.c b/locale/newlocale.c
index d25a6038d3..a6990c70e9 100644
--- a/locale/newlocale.c
+++ b/locale/newlocale.c
@@ -45,8 +45,6 @@ __newlocale (int category_mask, const char *locale, locale_t base) const char *newnames[__LC_LAST]; struct __locale_struct result; locale_t result_ptr; - char *locale_path; - size_t locale_path_len; const char *locpath_var; int cnt; size_t names_len; @@ -90,16 +88,18 @@ __newlocale (int category_mask, const char *locale, locale_t base) return NULL; *result_ptr = result; - goto update; + goto label__update; } + { /* We perhaps really have to load some data. So we determine the path in which to look for the data now. The environment variable `LOCPATH' must only be used when the binary has no SUID or SGID bit set. If using the default path, we tell _nl_find_locale by passing null and it can check the canonical locale archive. */ - locale_path = NULL; - locale_path_len = 0; + + char *locale_path = NULL; + size_t locale_path_len = 0; locpath_var = getenv ("LOCPATH"); if (locpath_var != NULL && locpath_var[0] != '\0') @@ -135,7 +135,7 @@ __newlocale (int category_mask, const char *locale, locale_t base) if (cnt == __LC_LAST) /* Bogus category name. */ - ERROR_RETURN; + goto label__cleanup_and_error_return; /* Found the category this clause sets. */ specified_mask |= 1 << cnt; @@ -154,7 +154,7 @@ __newlocale (int category_mask, const char *locale, locale_t base) if (category_mask &~ specified_mask) /* The composite name did not specify all categories we need. */ - ERROR_RETURN; + goto label__cleanup_and_error_return; } /* Protect global data. */ @@ -171,7 +171,7 @@ __newlocale (int category_mask, const char *locale, locale_t base) cnt, &newnames[cnt]); if (result.__locales[cnt] == NULL) { - free_cnt_data_and_exit: + label__free_cnt_data_and_exit: while (cnt-- > 0) if (((category_mask & 1 << cnt) != 0) && result.__locales[cnt]->usage_count != UNDELETABLE) 
@@ -180,7 +180,7 @@ __newlocale (int category_mask, const char *locale, locale_t base) /* Critical section left. */ __libc_rwlock_unlock (__libc_setlocale_lock); - return NULL; + goto label__cleanup_and_return_null; } if (newnames[cnt] != _nl_C_name) @@ -200,7 +200,7 @@ __newlocale (int category_mask, const char *locale, locale_t base) if (result_ptr == NULL) { cnt = __LC_LAST; - goto free_cnt_data_and_exit; + goto label__free_cnt_data_and_exit; } if (base == NULL) @@ -258,11 +258,23 @@ __newlocale (int category_mask, const char *locale, locale_t base) free (base); } + free(locale_path); + /* Critical section left. */ __libc_rwlock_unlock (__libc_setlocale_lock); + goto label__update; + + label__cleanup_and_error_return: + free(locale_path); + ERROR_RETURN; + + label__cleanup_and_return_null: + free(locale_path); + return NULL; + } /* Update the special members. */ - update: + label__update: { union locale_data_value *ctypes = result_ptr->__locales[LC_CTYPE]->values; result_ptr->__ctype_b = (const unsigned short int *)
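Review bot: in the hunk at @@ -90,16, the code that actually fills locale_path (the argz processing of LOCPATH, where the ASan report above places the leaked allocation at newlocale.c:111) lies between this hunk's last context line `if (locpath_var != NULL && locpath_var[0] != '\0')` and the next hunk at line 135, so the patch does not show whether early returns in that stretch were converted; please confirm that every `return NULL` there after locale_path has been allocated now reaches `label__cleanup_and_return_null`, otherwise the buffer still leaks on that path. Separately, the new `{` block and the relocated declarations are not needed for the fix: `char *locale_path = NULL;` at function scope (initialized at the declaration, since the early `goto label__update` precedes the old assignment) is enough for every label to free it and keeps the diff to the free calls themselves.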
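Review bot: in the hunk at @@ -171,7, renaming the existing label `free_cnt_data_and_exit` (and `update` in the last hunk) to a `label__` form is churn unrelated to the leak and contradicts the cover letter's stated aim of minimal changes; glibc does not use a `label__` prefix, so keep the existing names and give the new labels plain names in the same style, e.g. `cleanup_and_return_null:` and `cleanup_and_error_return:`.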
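Review bot: in the hunk at @@ -180,7, at `goto label__cleanup_and_return_null;` the errno value left by `_nl_find_locale` is the one the caller is meant to see, and the new label body calls free on locale_path before `return NULL;`, which the cover letter itself flags as a potential problem. Rather than leaving that as known, save and restore it in the label body, e.g. `int save_errno = errno;` / `free (locale_path);` / `__set_errno (save_errno);`, which makes the fix correct whatever free does to errno. The `label__cleanup_and_error_return` path does not need this because ERROR_RETURN sets errno after the free.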
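Review bot: in the hunk at @@ -258,11, the three added `free(locale_path);` lines break the GNU style used everywhere else in this function (`free (base);`, `__libc_rwlock_unlock (__libc_setlocale_lock);`): a space belongs before the parenthesis. The success-path free also runs while `__libc_setlocale_lock` is still held; placing it after `__libc_rwlock_unlock` keeps the critical section as short as it was before the patch.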
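The cleanup structure the patch introduces, together with the errno concern the cover letter raises, shown as a stand-alone C example. This is an added illustration, not code from the patch or from glibc: build_search_path mimics how newlocale turns LOCPATH into a colon-separated list, lookup_locale is a constructed stand-in that only knows "en_US.UTF-8", the validity rule for names is constructed, and resolve_locale shows a single cleanup label that frees the buffer on every failure path while saving and restoring errno around the free.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for glibc's default locale directory list. */
static const char default_path[] = "/usr/lib/locale";

/* Build the colon-separated search path the way newlocale builds
   locale_path from LOCPATH: the environment value first (if non-empty),
   then the default list.  The caller owns the returned buffer. */
static char *
build_search_path (const char *locpath_var)
{
  size_t prefix = (locpath_var != NULL && locpath_var[0] != '\0')
                  ? strlen (locpath_var) + 1 : 0;   /* +1 for the ':' */
  char *path = malloc (prefix + sizeof default_path);
  if (path == NULL)
    return NULL;                                    /* errno is ENOMEM */
  if (prefix != 0)
    {
      memcpy (path, locpath_var, prefix - 1);
      path[prefix - 1] = ':';
    }
  memcpy (path + prefix, default_path, sizeof default_path);
  return path;
}

/* Constructed stand-in for the data lookup: only "en_US.UTF-8" exists,
   anything else fails with ENOENT, as a real directory lookup would. */
static int
lookup_locale (const char *search_path, const char *name)
{
  (void) search_path;
  if (strcmp (name, "en_US.UTF-8") == 0)
    return 0;
  errno = ENOENT;
  return -1;
}

/* Resolve NAME against LOCPATH_VAR.  Returns 1 on success and 0 on
   failure with errno set (EINVAL for a malformed name, otherwise the
   lookup's error).  Once search_path exists, every failure leaves through
   the cleanup label, so the buffer cannot leak. */
int
resolve_locale (const char *locpath_var, const char *name)
{
  char *search_path = NULL;
  int saved_errno;

  /* Constructed validity rule: a name must be non-empty and contain no '/'. */
  if (name == NULL || name[0] == '\0' || strchr (name, '/') != NULL)
    {
      errno = EINVAL;
      return 0;                 /* nothing allocated yet */
    }

  search_path = build_search_path (locpath_var);
  if (search_path == NULL)
    return 0;                   /* malloc already set errno */

  if (lookup_locale (search_path, name) != 0)
    goto cleanup_fail;

  free (search_path);
  return 1;

cleanup_fail:
  /* free() may touch errno on some C libraries; keep the lookup's value. */
  saved_errno = errno;
  free (search_path);
  errno = saved_errno;
  return 0;
}

/* Helper for checking the outcome: 0 on success, else the errno left behind. */
int
resolve_locale_error (const char *locpath_var, const char *name)
{
  errno = 0;
  return resolve_locale (locpath_var, name) ? 0 : errno;
}

int
main (void)
{
  /* Sample LOCPATH value taken from the cover letter; the lookups are constructed. */
  printf ("%d %d %d\n",
          resolve_locale_error ("/snap/code/193/usr/lib/locale", "en_US.UTF-8"),
          resolve_locale_error ("/snap/code/193/usr/lib/locale", "xx_YY"),
          resolve_locale_error ("", "bad/name"));
  return 0;
}
```

Running it under a leak checker (for instance a build with -fsanitize=address) reports no leaked allocation for either the success or the failure calls, which is the property the patch restores for __newlocale; the explicit errno save around free is the belt-and-braces form of the caveat listed under "Potential problems".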