https://lists.gnu.org/archive/html/bug-bash/2024-01/msg00036.html
https://lists.gnu.org/archive/html/bug-bash/2024-01/txtm8yNNPR9RQ.txt
For evalstring.c:
* https://lists.gnu.org/archive/html/bug-bash/2024-01/msg00011.html
* https://git.savannah.gnu.org/cgit/bash.git/diff/builtins/evalstring.c?h=devel&id=81f7b44564cd1510788035cea7c59631865a7db2&dt=1#n766
From 711ab85262884f2b91f09eceb9aefd0e2426ce67 Mon Sep 17 00:00:00 2001
From: Grisha Levit
Date: Sat, 3 Jun 2023 16:51:26 -0400
Subject: [PATCH] various leaks
Found mostly by normal usage running a no-bash-malloc build with clang's
LeakSanitizer enabled. So far seems to provide very accurate results.
* arrayfunc.c
- quote_compound_array_word: make sure to free VALUE
- bind_assoc_var_internal: if assigning to a dynamic variable, make sure
to free the key (usually assoc_insert would do it)
* bashline.c
- bash_command_name_stat_hook: free original *NAME if we are going to
change what it points to (what the callers seem to expect)
* builtins/evalstring.c
- parse_and_execute: make sure to dispose of the parsed command
resulting from a failed function import attempt
- open_redir_file: if we did not get a pointer to pass back the expanded
filename, make sure to free the name
* examples/loadables/stat.c
- loadstat: bind_assoc_variable does not free its VALUE argument so make
sure to do it
* subst.c
- param_expand: free temp1 value for codepaths that don't do it
---
arrayfunc.c | 6 +++++-
bashline.c | 1 +
builtins/evalstring.c | 4 ++++
examples/loadables/stat.c | 1 +
subst.c | 2 ++
5 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/arrayfunc.c b/arrayfunc.c
index 2c05d15b..8ba64084 100644
--- arrayfunc.c
+++ arrayfunc.c
@@ -208,7 +208,10 @@ bind_assoc_var_internal (entry, hash, key, value, flags)
newval = make_array_variable_value (entry, 0, key, value, flags);
if (entry->assign_func)
- (*entry->assign_func) (entry, newval, 0, key);
+ {
+ (*entry->assign_func) (entry, newval, 0, key);
+ FREE (key);
+ }
else
assoc_insert (hash, key, newval);
@@ -985,6 +988,7 @@ quote_compound_array_word (w, type)
if (t != w+ind)
free (t);
strcpy (nword + i, value);
+ free (value);
return nword;
}
diff --git a/bashline.c b/bashline.c
index c85b05b6..bd7548cc 100644
--- bashline.c
+++ bashline.c
@@ -1928,6 +1928,7 @@ bash_command_name_stat_hook (name)
result = search_for_command (cname, 0);
if (result)
{
+ FREE (*name);
*name = result;
return 1;
}
diff --git a/builtins/evalstring.c b/builtins/evalstring.c
index df3dd68e..20c6a4a7 100644
--- builtins/evalstring.c
+++ builtins/evalstring.c
@@ -461,6 +461,8 @@ parse_and_execute (string, from_file, flags)
should_jump_to_top_level = 0;
last_result = last_command_exit_value = EX_BADUSAGE;
set_pipestatus_from_exit (last_command_exit_value);
+ dispose_command(command);
+ global_command = (COMMAND *)NULL;
reset_parser ();
break;
}
@@ -762,6 +764,8 @@ open_redir_file (r, fnp)
if (fnp)
*fnp = fn;
+ else
+ free (fn);
return fd;
}
diff --git a/examples/loadables/stat.c b/examples/loadables/stat.c
index 1e60e7b6..ed5c9764 100644
--- examples/loadables/stat.c
+++ examples/loadables/stat.c
@@ -349,6 +349,7 @@ loadstat (vname, var, fname, flags, fmt, sp)
key = savestring (arraysubs[i]);
value = statval (i, fname, flags, fmt, sp);
v = bind_assoc_variable (var, vname, key, value, ASS_FORCE);
+ free (value);
}
return 0;
}
diff --git a/subst.c b/subst.c
index 1ac6eb2d..ff0602da 100644
--- subst.c
+++ subst.c
@@ -10727,6 +10727,7 @@ comsub:
{
chk_atstar (temp, quoted, pflags, quoted_dollar_at_p, contains_dollar_at);
tdesc = parameter_brace_expand_word (temp, SPECIAL_VAR (temp, 0), quoted, pflags, 0);
+ free (temp1);
if (tdesc == &expand_wdesc_error || tdesc == &expand_wdesc_fatal)
return (tdesc);
ret = tdesc;
@@ -10739,6 +10740,7 @@ comsub:
{
set_exit_status (EXECUTION_FAILURE);
report_error (_("%s: invalid variable name for name reference"), temp);
+ free (temp1);
return (&expand_wdesc_error); /* XXX */
}
else
--
2.43.0