Regression in ash (crashing)

Rich Felker dalias at aerifal.cx
Thu Dec 13 04:09:02 UTC 2012


On Wed, Dec 12, 2012 at 03:48:49PM +0600, Vladislav Grishenko wrote:
> Hi Denys, Rich
> 
> Before 4ba6c5d3ba3d2c7922aff6b5c2e73b8325f1cf17 expfname pointer was never
> freed. 
> But after, under some circumstances, expfname pointer contains garbage because
> copynode() doesn't handle it yet.
> Trivial fix attached, or a different option would be to move that field out
> from nfile struct.

I added some logging code to report each call to stalloc and
stunalloc, and the situation seems pretty simple to me: stunalloc is
being passed a pointer that's not equal to the pointer most recently
returned by stalloc. As far as I can tell, this is an interface
contract violation; stalloc and stunalloc are implementing a
lifo/stack allocation structure where only the top element can be
freed; attempting to free an element not at the top also frees
everything above the freed element.

As such, I think the free operation is just wrong and needs to be
reverted. If it's still desired to eliminate the "memory leak" (which
is not "permanent", only for the duration of a long-running loop
construct), the whole ugly stack allocator implementation should just
be discarded, and probably replaced with something analogous to talloc
(i.e. linking allocations so it's easy to free them all at once, but
also still possible to free individual allocations).

Rich
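To make the interface contract concrete, here is an added example (not code from busybox or ash) of a simplified LIFO stack allocator with the stalloc/stunalloc semantics Rich describes: freeing a block also discards every block allocated after it, so an out-of-order free leaves later pointers dangling and the next stalloc hands their memory out again. The arena, the `live_offsets` bookkeeping and the `stunalloc_checked` variant that refuses non-top frees are all hypothetical constructs for illustration, not part of the real allocator.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical simplified stack allocator modelled on the stalloc/stunalloc
 * contract described in the mail. Not busybox's code. */
#define ARENA_SIZE 4096
#define MAX_LIVE   256

static unsigned char arena[ARENA_SIZE];
static size_t stack_top = 0;            /* offset of the first free byte */
static size_t live_offsets[MAX_LIVE];   /* start offset of each live block */
static size_t live_count = 0;

static size_t round_up(size_t n) { return (n + 15) & ~(size_t)15; }

void stack_reset(void) { stack_top = 0; live_count = 0; }
size_t stack_live_blocks(void) { return live_count; }

/* Push: bump-allocate from the arena and record the block's offset. */
void *stalloc(size_t n) {
    size_t need = round_up(n);
    if (live_count == MAX_LIVE || stack_top + need > ARENA_SIZE) return NULL;
    void *p = arena + stack_top;
    live_offsets[live_count++] = stack_top;
    stack_top += need;
    return p;
}

/* Pop: reset the top of the stack to p. Every block allocated after p is
 * discarded as well; this is the LIFO behaviour the mail describes. */
void stunalloc(void *p) {
    size_t off = (size_t)((unsigned char *)p - arena);
    while (live_count > 0 && live_offsets[live_count - 1] >= off) live_count--;
    stack_top = off;
}

/* Checked variant (added here, not in the real allocator): only the most
 * recently allocated block may be freed. Returns 0 on a contract violation. */
int stunalloc_checked(void *p) {
    if (p == NULL || live_count == 0) return 0;
    size_t off = (size_t)((unsigned char *)p - arena);
    if (live_offsets[live_count - 1] != off) return 0;
    stunalloc(p);
    return 1;
}

/* Allocate a, b, c; free b out of order with the raw stunalloc. c is silently
 * discarded too, so the next allocations reuse its storage and c's contents
 * are overwritten. Returns 1 when c has become stale. */
int demo_dangling_after_misordered_free(void) {
    stack_reset();
    char *a = stalloc(16);
    char *b = stalloc(16);
    char *c = stalloc(16);
    strcpy(c, "expfname");          /* constructed sample content */
    stunalloc(b);                   /* contract violation: b is not on top */
    char *d = stalloc(16);          /* reuses b's slot */
    char *e = stalloc(16);          /* reuses c's slot, aliasing c */
    strcpy(e, "garbage");
    (void)a; (void)d;
    return strcmp(c, "expfname") != 0;
}

/* Same sequence through the checked variant: the misordered free is refused,
 * and b can only be freed once c (the top) has been freed first. */
int demo_checked_refuses_misordered_free(void) {
    stack_reset();
    void *a = stalloc(16);
    void *b = stalloc(16);
    void *c = stalloc(16);
    int refused = !stunalloc_checked(b);
    int ok_c = stunalloc_checked(c);
    int ok_b = stunalloc_checked(b);
    (void)a;
    return refused && ok_c && ok_b && stack_live_blocks() == 1;
}

int main(void) {
    printf("raw stunalloc leaves c dangling: %d\n", demo_dangling_after_misordered_free());
    printf("checked stunalloc refuses misordered free: %d\n", demo_checked_refuses_misordered_free());
    return 0;
}
```

The checked variant is the kind of assertion that would have flagged the expfname free immediately: any `stunalloc` whose argument is not the pointer most recently returned by `stalloc` is, by the contract above, freeing more than the caller intended.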
