From d5b1c5ed8bd9515505d4177f105c19ea375106ae Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 7 Jan 2015 12:10:52 +0530 Subject: setenv fix memory leak when setting large, duplicate string (BZ #17658) glibc maintains a binary tree of environment strings it malloc()ed itself. However, it's possible for it to malloc() a string, then find that an identical string is already in the tree. In this case, the memory is leaked and is not freed if the application later calls __libc_freeres(). Fix this by freeing 'new_value' when it's unneeded. Test case: #include #include int main() { char *p = calloc(100000, 1); memset(p, 'A', 99999); setenv("TESTVAR", p, 1); setenv("TESTVAR", p, 1); free(p); } Leak that was reported by valgrind: 100,008 bytes in 1 blocks are definitely lost in loss record 1 of 1 at 0x4C29F90: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x4E6B3D4: __add_to_environ (setenv.c:176) by 0x4C31B8F: setenv (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) by 0x400642: main (in /mnt/tmpfs/a.out) --- NEWS | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 85828857a0..bec70dc04c 100644 --- a/NEWS +++ b/NEWS @@ -14,10 +14,10 @@ Version 2.21 17273, 17344, 17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17581, 17582, 17583, 17584, 17585, 17589, 17594, 17601, 17608, 17616, 17625, - 17630, 17633, 17634, 17635, 17647, 17653, 17657, 17664, 17665, 17668, - 17682, 17717, 17719, 17722, 17723, 17724, 17725, 17732, 17733, 17744, - 17745, 17746, 17747, 17775, 17777, 17780, 17781, 17782, 17793, 17796, - 17797, 17806 + 17630, 17633, 17634, 17635, 17647, 17653, 17657, 17658, 17664, 17665, + 17668, 17682, 17717, 17719, 17722, 17723, 17724, 17725, 17732, 17733, + 17744, 17745, 17746, 17747, 17775, 17777, 17780, 17781, 17782, 17793, + 17796, 17797, 17806 * i386 memcpy functions optimized with SSE2 unaligned load/store. -- cgit 1.4.1