Thanks again, Zhenbo.
there where several leaks in http.c and one in ftp-basic.c (patches attached).
retr.c seems to be ok (false positives).
Also, init.c/home_dir() has to be rewritten (some stupids, e.g. MSDOS branch
wouldn't compile.). I'll do that later.
Tim
Am Wednesday 11 April 2012 schrieb Zhenbo Xu:
> Hi, wget,
> I have applied a memory leak detection tool
> Melton<http://lcs.ios.ac.cn/~xuzb/melton.html> to
> find memory leaks in wget-1.3.
> Some potential bugs were found, and I check them manually as the real bugs.
> Here is the index url of thes bugs:
> http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/wget-1.13/realbugs/index.html
>
> Or you can download it from the following url:
> http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/wget-1.13/realbugs_wget_1.13.t
> ar.gz
>
> Hope for your replies.
>
> Some explanations are given below:
>
> *Bug No. 7 and No. 8:*
> a heap object is allocated to respline at :
> 8030 err = ftp_response (csock,
> &respline)<http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/wget-1.13/realbugs/
> report-KG45QU.html#Path9_2> ;
> and it's not freed at
> 8043 return FTPINVPASV;
>
> *Bug No. 9 ~ No. 16:*
> As function fd_read_line(..) returns a heap object and there is not any
> free statement in programs, memory leaks may occur.
>
>
> *Bug No. 17:*
> req = request_new
> ()<http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/wget-1.13/realbugs/report-5
> 5xqty.html#Path49_2> ;
> req is not freed along the annotated path.
>
> *Bug No. 20:*
> There are two kinds of bugs in this report.
> The first one:
> at function setval_internal_tilde,
> 8278 home = home_dir
> ()<http://lcs.ios.ac.cn/~xuzb/bugsfound/memleak/wget-1.13/realbugs/report-M
> uxcQK.html#Path11_3>;
>
> home should be released at the end of this function.
>
> The second one:
> before the following assignment
> *pstring = concat_strings (home, "/", val, (char *)0);
> As pstring = commands[comind].place, Should we free commands[comind].place
> at first to avoid the reassignment?
=== modified file 'src/ftp-basic.c'
--- src/ftp-basic.c 2011-01-01 12:19:37 +0000
+++ src/ftp-basic.c 2012-04-12 08:27:36 +0000
@@ -524,7 +524,10 @@
for (s += 4; *s && !c_isdigit (*s); s++)
;
if (!*s)
- return FTPINVPASV;
+ {
+ xfree (respline);
+ return FTPINVPASV;
+ }
for (i = 0; i < 6; i++)
{
tmp[i] = 0;
@@ -593,7 +596,10 @@
for (s += 4; *s && !c_isdigit (*s); s++)
;
if (!*s)
- return FTPINVPASV;
+ {
+ xfree (respline);
+ return FTPINVPASV;
+ }
/* First, get the address family */
af = 0;
=== modified file 'src/http.c'
--- src/http.c 2012-02-25 10:58:21 +0000
+++ src/http.c 2012-04-12 09:54:22 +0000
@@ -2030,6 +2030,7 @@
if (write_error < 0)
{
CLOSE_INVALIDATE (sock);
+ request_free (req);
return WRITEFAILED;
}
@@ -2039,6 +2040,7 @@
logprintf (LOG_VERBOSE, _("Failed reading proxy response: %s\n"),
fd_errstr (sock));
CLOSE_INVALIDATE (sock);
+ request_free (req);
return HERR;
}
message = NULL;
@@ -2059,6 +2061,7 @@
quotearg_style (escape_quoting_style,
_("Malformed status line")));
xfree (head);
+ request_free (req);
return HERR;
}
hs->message = xstrdup (message);
@@ -2070,6 +2073,7 @@
logprintf (LOG_NOTQUIET, _("Proxy tunneling failed: %s"),
message ? quotearg_style (escape_quoting_style, message) : "?");
xfree_null (message);
+ request_free (req);
return CONSSLERR;
}
xfree_null (message);
@@ -2085,11 +2089,13 @@
if (!ssl_connect_wget (sock))
{
fd_close (sock);
+ request_free (req);
return CONSSLERR;
}
else if (!ssl_check_certificate (sock, u->host))
{
fd_close (sock);
+ request_free (req);
return VERIFCERTERR;
}
using_ssl = true;
@@ -2222,6 +2228,7 @@
quotearg_style (escape_quoting_style,
_("Malformed status line")));
CLOSE_INVALIDATE (sock);
+ resp_free (resp);
request_free (req);
xfree (head);
return HERR;
@@ -2230,6 +2237,7 @@
if (H_10X (statcode))
{
DEBUGP (("Ignoring response\n"));
+ resp_free (resp);
xfree (head);
goto read_header;
}
@@ -2450,6 +2458,8 @@
retrieve the file. But if the output_document was given, then this
test was already done and the file didn't exist. Hence the !opt.output_document */
get_file_flags (hs->local_file, dt);
+ request_free (req);
+ resp_free (resp);
xfree (head);
xfree_null (message);
return RETRUNNEEDED;
