From 166b0280b0c8ac61c9a70bed5aaa83c98f9fc32c Mon Sep 17 00:00:00 2001 From: Pavan Deolasee Date: Fri, 6 May 2016 18:06:37 +0530 Subject: Fix a memory leak in GTM proxy When two lists are concatnated, we might leak header of the second list since only the list cells are concatnated. We must be careful not to free the list if list_concat returned the to-be-concatnated list as-is. --- src/gtm/proxy/proxy_main.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'src') diff --git a/src/gtm/proxy/proxy_main.c b/src/gtm/proxy/proxy_main.c index 871280fa89..e03e3e8b34 100644 --- a/src/gtm/proxy/proxy_main.c +++ b/src/gtm/proxy/proxy_main.c @@ -2441,6 +2441,14 @@ GTMProxy_ProcessPendingCommands(GTMProxy_ThreadInfo *thrinfo) */ thrinfo->thr_processed_commands = gtm_list_concat(thrinfo->thr_processed_commands, thrinfo->thr_pending_commands[ii]); + /* + * Free the list header of the second list, unless + * gtm_list_concat actually returned the second list as-is + * because the first list was empty + */ + if ((thrinfo->thr_processed_commands != thrinfo->thr_pending_commands[ii]) && + (thrinfo->thr_pending_commands[ii] != gtm_NIL)) + pfree(thrinfo->thr_pending_commands[ii]); thrinfo->thr_pending_commands[ii] = gtm_NIL; break; @@ -2472,6 +2480,14 @@ GTMProxy_ProcessPendingCommands(GTMProxy_ThreadInfo *thrinfo) */ thrinfo->thr_processed_commands = gtm_list_concat(thrinfo->thr_processed_commands, thrinfo->thr_pending_commands[ii]); + /* + * Free the list header of the second list, unless + * gtm_list_concat actually returned the second list as-is + * because the first list was empty + */ + if ((thrinfo->thr_processed_commands != thrinfo->thr_pending_commands[ii]) && + (thrinfo->thr_pending_commands[ii] != gtm_NIL)) + pfree(thrinfo->thr_pending_commands[ii]); thrinfo->thr_pending_commands[ii] = gtm_NIL; break; @@ -2506,6 +2522,14 @@ GTMProxy_ProcessPendingCommands(GTMProxy_ThreadInfo *thrinfo) */ thrinfo->thr_processed_commands = gtm_list_concat(thrinfo->thr_processed_commands, thrinfo->thr_pending_commands[ii]); + /* + * Free the list header of the second list, unless + * gtm_list_concat actually returned the second list as-is + * because the first list was empty + */ + if ((thrinfo->thr_processed_commands != thrinfo->thr_pending_commands[ii]) && + (thrinfo->thr_pending_commands[ii] != gtm_NIL)) + pfree(thrinfo->thr_pending_commands[ii]); thrinfo->thr_pending_commands[ii] = gtm_NIL; break; @@ -2537,6 +2561,14 @@ GTMProxy_ProcessPendingCommands(GTMProxy_ThreadInfo *thrinfo) */ thrinfo->thr_processed_commands = gtm_list_concat(thrinfo->thr_processed_commands, thrinfo->thr_pending_commands[ii]); + /* + * Free the list header of the second list, unless + * gtm_list_concat actually returned the second list as-is + * because the first list was empty + */ + if ((thrinfo->thr_processed_commands != thrinfo->thr_pending_commands[ii]) && + (thrinfo->thr_pending_commands[ii] != gtm_NIL)) + pfree(thrinfo->thr_pending_commands[ii]); thrinfo->thr_pending_commands[ii] = gtm_NIL; break; -- cgit v1.2.3