From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8BF39A0524; Thu, 6 May 2021 09:18:12 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7096E410F2; Thu, 6 May 2021 09:18:12 +0200 (CEST) Received: from szxga05-in.huawei.com (szxga05-in.huawei.com [45.249.212.191]) by mails.dpdk.org (Postfix) with ESMTP id 7B055410EE for ; Thu, 6 May 2021 09:18:10 +0200 (CEST) Received: from DGGEMS402-HUB.china.huawei.com (unknown [172.30.72.58]) by szxga05-in.huawei.com (SkyGuard) with ESMTP id 4FbPwV6TnzzQjcM; Thu, 6 May 2021 15:14:50 +0800 (CST) Received: from [10.67.103.128] (10.67.103.128) by DGGEMS402-HUB.china.huawei.com (10.3.19.202) with Microsoft SMTP Server id 14.3.498.0; Thu, 6 May 2021 15:18:03 +0800 To: David Marchand CC: dev , "Yigit, Ferruh" , "Jerin Jacob Kollanukkaran" , Kiran Kumar Kokkilagadda References: <1619092340-4047-1-git-send-email-humin29@huawei.com> <1619092340-4047-2-git-send-email-humin29@huawei.com> From: "Min Hu (Connor)" Message-ID: <9b70e0c5-a451-faaa-ee7f-6f16d59e18dc@huawei.com> Date: Thu, 6 May 2021 15:18:03 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.67.103.128] X-CFilter-Loop: Reflected Subject: Re: [dpdk-dev] [PATCH 1/2] graph: fix memory leak X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 在 2021/5/4 22:15, David Marchand 写道: > On Thu, Apr 22, 2021 at 1:52 PM Min Hu (Connor) wrote: >> >> From: HongBo Zheng >> >> Fix function 'stats_mem_populate' return without >> free dynamic memory referenced by 'stats'. >> >> Fixes: af1ae8b6a32c ("graph: implement stats") >> Cc: stable@dpdk.org >> >> Signed-off-by: HongBo Zheng >> Signed-off-by: Min Hu (Connor) >> --- >> lib/librte_graph/graph_stats.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/lib/librte_graph/graph_stats.c b/lib/librte_graph/graph_stats.c >> index 125e08d..f698bb3 100644 >> --- a/lib/librte_graph/graph_stats.c >> +++ b/lib/librte_graph/graph_stats.c >> @@ -174,7 +174,7 @@ stats_mem_populate(struct rte_graph_cluster_stats **stats_in, >> cluster->stat.hz = rte_get_timer_hz(); >> node = graph_node_id_to_ptr(graph, id); >> if (node == NULL) >> - SET_ERR_JMP(ENOENT, err, "Failed to find node %s in graph %s", >> + SET_ERR_JMP(ENOENT, free, "Failed to find node %s in graph %s", >> graph_node->node->name, graph->name); >> cluster->nodes[cluster->nb_nodes++] = node; >> >> @@ -183,6 +183,8 @@ stats_mem_populate(struct rte_graph_cluster_stats **stats_in, >> *stats_in = stats; >> >> return 0; >> +free: >> + free(stats); >> err: >> return -rte_errno; >> } > > We have a double free with this change. > Hi, David, I will set "*stats_in " to NULL. As free(NULL) will just return and will not result bugs. > If realloc on stats returns the same location, but node lookup fails, > stats_in is left untouched and still points at the original stats > location. > This location is then freed in the free: label, and later is freed in > stats_mem_fini() from caller. > >