Fix memory leak after fdopen seek failure (RHEL-66253)

Resolves: RHEL-66253
This commit is contained in:
Florian Weimer 2024-11-07 14:24:10 +01:00
parent c6a316c547
commit 0ce6757412
4 changed files with 295 additions and 1 deletions

140
glibc-RHEL-66253-1.patch Normal file
View File

@ -0,0 +1,140 @@
commit ddf71c550a5940deca74cc676f1cae134a891717
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Tue Apr 30 09:21:16 2024 -0700
libio: Sort test variables in Makefile
Sort test variables in libio/Makefile using scripts/sort-makefile-lines.py.
Reviewed-by: Sunil K Pandey <skpgkp2@gmail.com>
Conflicts:
libio/Makefile
(missing tst-bz28828 downstream)
diff --git a/libio/Makefile b/libio/Makefile
index 10c2ed140a855877..31e27b022c73669a 100644
--- a/libio/Makefile
+++ b/libio/Makefile
@@ -51,22 +51,75 @@ routines := \
\
libc_fatal fmemopen oldfmemopen vtables
-tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \
- tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
- tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf tst-sscanf \
- tst-mmap-setvbuf bug-ungetwc1 bug-ungetwc2 tst-atime tst-eof \
- tst-freopen bug-rewind bug-rewind2 bug-ungetc bug-fseek \
- tst-mmap-eofsync tst-mmap-fflushsync bug-mmap-fflush \
- tst-mmap2-eofsync tst-mmap-offend bug-fopena+ bug-wfflush \
- bug-ungetc2 bug-ftell bug-ungetc3 bug-ungetc4 tst-fopenloc2 \
- tst-memstream1 tst-memstream2 tst-memstream3 tst-memstream4 \
- tst-wmemstream1 tst-wmemstream2 tst-wmemstream3 tst-wmemstream4 \
- tst-wmemstream5 bug-memstream1 bug-wmemstream1 \
- tst-setvbuf1 tst-popen1 tst-fgetwc bug-wsetpos tst-fseek \
- tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \
- tst-ftell-append tst-fputws tst-bz22415 tst-fgetc-after-eof \
- tst-sprintf-ub tst-sprintf-chk-ub tst-bz24051 tst-bz24153 \
- tst-wfile-sync tst-getdelim
+tests = \
+ bug-fopena+ \
+ bug-fseek \
+ bug-ftell \
+ bug-memstream1 \
+ bug-mmap-fflush \
+ bug-rewind \
+ bug-rewind2 \
+ bug-ungetc \
+ bug-ungetc2 \
+ bug-ungetc3 \
+ bug-ungetc4 \
+ bug-ungetwc1 \
+ bug-ungetwc2 \
+ bug-wfflush \
+ bug-wmemstream1 \
+ bug-wsetpos \
+ test-fmemopen \
+ tst-atime \
+ tst-bz22415 \
+ tst-bz24051 \
+ tst-bz24153 \
+ tst-eof \
+ tst-ext \
+ tst-ext2 \
+ tst-fgetc-after-eof \
+ tst-fgetwc \
+ tst-fgetws \
+ tst-fopenloc2 \
+ tst-fputws \
+ tst-freopen \
+ tst-fseek \
+ tst-ftell-active-handler \
+ tst-ftell-append \
+ tst-ftell-partial-wide \
+ tst-fwrite-error \
+ tst-getdelim \
+ tst-memstream1 \
+ tst-memstream2 \
+ tst-memstream3 \
+ tst-memstream4 \
+ tst-mmap-eofsync \
+ tst-mmap-fflushsync \
+ tst-mmap-offend \
+ tst-mmap-setvbuf \
+ tst-mmap2-eofsync \
+ tst-popen1 \
+ tst-setvbuf1 \
+ tst-sprintf-chk-ub \
+ tst-sprintf-ub \
+ tst-sscanf \
+ tst-swscanf \
+ tst-ungetwc1 \
+ tst-ungetwc2 \
+ tst-wfile-sync \
+ tst-widetext \
+ tst-wmemstream1 \
+ tst-wmemstream2 \
+ tst-wmemstream3 \
+ tst-wmemstream4 \
+ tst-wmemstream5 \
+ tst_getwc \
+ tst_putwc \
+ tst_swprintf \
+ tst_swscanf \
+ tst_wprintf \
+ tst_wprintf2 \
+ tst_wscanf \
+ # tests
tests-internal = tst-vtables tst-vtables-interposed
@@ -200,16 +253,26 @@ tests-special += $(objpfx)tst-fopenloc-cmp.out $(objpfx)tst-fopenloc-mem.out \
$(objpfx)tst-bz24228-mem.out
endif
-tests += tst-cleanup-default tst-cleanup-default-static
+tests += \
+ tst-cleanup-default \
+ tst-cleanup-default-static \
+ # tests
tests-static += tst-cleanup-default-static
tests-special += $(objpfx)tst-cleanup-default-cmp.out $(objpfx)tst-cleanup-default-static-cmp.out
LDFLAGS-tst-cleanup-default = -Wl,--gc-sections
LDFLAGS-tst-cleanup-default-static = -Wl,--gc-sections
ifeq ($(have-gnu-retain)$(have-z-start-stop-gc),yesyes)
-tests += tst-cleanup-start-stop-gc tst-cleanup-start-stop-gc-static \
- tst-cleanup-nostart-stop-gc tst-cleanup-nostart-stop-gc-static
-tests-static += tst-cleanup-start-stop-gc-static tst-cleanup-nostart-stop-gc-static
+tests += \
+ tst-cleanup-nostart-stop-gc \
+ tst-cleanup-nostart-stop-gc-static \
+ tst-cleanup-start-stop-gc \
+ tst-cleanup-start-stop-gc-static \
+ # tests
+tests-static += \
+ tst-cleanup-nostart-stop-gc-static \
+ tst-cleanup-start-stop-gc-static \
+ # tests-static
tests-special += $(objpfx)tst-cleanup-start-stop-gc-cmp.out \
$(objpfx)tst-cleanup-start-stop-gc-static-cmp.out \
$(objpfx)tst-cleanup-nostart-stop-gc-cmp.out \

28
glibc-RHEL-66253-2.patch Normal file
View File

@ -0,0 +1,28 @@
commit b2c3ee3724900975deaf5eae57640bb0c2d7315e
Author: Andreas Schwab <schwab@suse.de>
Date: Tue Jun 4 11:01:11 2024 +0200
Remove memory leak in fdopen (bug 31840)
Deallocate the memory for the FILE structure when seeking to the end fails
in append mode.
Fixes: ea33158c96 ("Fix offset caching for streams and use it for ftell (BZ #16680)")
diff --git a/libio/iofdopen.c b/libio/iofdopen.c
index 498791b2872f4b93..e3596fa4c91644b7 100644
--- a/libio/iofdopen.c
+++ b/libio/iofdopen.c
@@ -156,7 +156,11 @@ _IO_new_fdopen (int fd, const char *mode)
{
off64_t new_pos = _IO_SYSSEEK (&new_f->fp.file, 0, _IO_seek_end);
if (new_pos == _IO_pos_BAD && errno != ESPIPE)
- return NULL;
+ {
+ _IO_un_link (&new_f->fp);
+ free (new_f);
+ return NULL;
+ }
}
return &new_f->fp.file;
}

120
glibc-RHEL-66253-3.patch Normal file
View File

@ -0,0 +1,120 @@
commit d0106b6ae26c8cc046269358a77188105c99d5e3
Author: Florian Weimer <fweimer@redhat.com>
Date: Tue Jun 4 14:37:35 2024 +0200
libio: Test for fdopen memory leak without SEEK_END support (bug 31840)
The bug report used /dev/mem, but /proc/self/mem works as well
(if available).
diff --git a/libio/Makefile b/libio/Makefile
index 31e27b022c73669a..418102c4c0d8c25a 100644
--- a/libio/Makefile
+++ b/libio/Makefile
@@ -76,6 +76,7 @@ tests = \
tst-eof \
tst-ext \
tst-ext2 \
+ tst-fdopen-seek-failure \
tst-fgetc-after-eof \
tst-fgetwc \
tst-fgetws \
@@ -220,6 +221,9 @@ tst_wprintf2-ARGS = "Some Text"
test-fmemopen-ENV = MALLOC_TRACE=$(objpfx)test-fmemopen.mtrace \
LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
+tst-fdopen-seek-failure-ENV = \
+ MALLOC_TRACE=$(objpfx)tst-fdopen-seek-failure.mtrace \
+ LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
tst-fopenloc-ENV = MALLOC_TRACE=$(objpfx)tst-fopenloc.mtrace \
LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
tst-bz22415-ENV = MALLOC_TRACE=$(objpfx)tst-bz22415.mtrace \
@@ -228,6 +232,7 @@ tst-bz24228-ENV = MALLOC_TRACE=$(objpfx)tst-bz24228.mtrace \
LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
generated += test-fmemopen.mtrace test-fmemopen.check
+generated += tst-fdopen-seek-failure.mtrace tst-fdopen-seek-failure.check
generated += tst-fopenloc.mtrace tst-fopenloc.check
generated += tst-bz22415.mtrace tst-bz22415.check
@@ -244,8 +249,12 @@ shared-only-routines = oldiofopen oldiofdopen oldiofclose oldfileops \
oldiofsetpos64
ifeq ($(run-built-tests),yes)
-tests-special += $(objpfx)test-freopen.out $(objpfx)test-fmemopen-mem.out \
- $(objpfx)tst-bz22415-mem.out
+tests-special += \
+ $(objpfx)test-fmemopen-mem.out \
+ $(objpfx)test-freopen.out \
+ $(objpfx)tst-bz22415-mem.out \
+ $(objpfx)tst-fdopen-seek-failure-mem.out \
+ # tests-special
ifeq (yes,$(build-shared))
# Run tst-fopenloc-cmp.out and tst-openloc-mem.out only if shared
# library is enabled since they depend on tst-fopenloc.out.
@@ -333,6 +342,11 @@ $(objpfx)test-fmemopen-mem.out: $(objpfx)test-fmemopen.out
$(common-objpfx)malloc/mtrace $(objpfx)test-fmemopen.mtrace > $@; \
$(evaluate-test)
+$(objpfx)tst-fdopen-seek-failure-mem.out: $(objpfx)tst-fdopen-seek-failure.out
+ $(common-objpfx)malloc/mtrace \
+ $(objpfx)tst-fdopen-seek-failure.mtrace > $@; \
+ $(evaluate-test)
+
$(objpfx)tst-fopenloc-mem.out: $(objpfx)tst-fopenloc.out
$(common-objpfx)malloc/mtrace $(objpfx)tst-fopenloc.mtrace > $@; \
$(evaluate-test)
diff --git a/libio/tst-fdopen-seek-failure.c b/libio/tst-fdopen-seek-failure.c
new file mode 100644
index 0000000000000000..5c4d40ab34158571
--- /dev/null
+++ b/libio/tst-fdopen-seek-failure.c
@@ -0,0 +1,48 @@
+/* Test for fdopen memory leak without SEEK_END support (bug 31840).
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+
+#include <errno.h>
+#include <fcntl.h>
+#include <mcheck.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <support/check.h>
+#include <support/xunistd.h>
+#include <unistd.h>
+
+static int
+do_test (void)
+{
+ mtrace ();
+
+ /* This file is special because it is seekable, but only
+ with SEEK_SET, not SEEK_END. */
+ int fd = open ("/proc/self/mem", O_RDWR);
+ if (fd < 0)
+ FAIL_UNSUPPORTED ("/proc/self/mem not found: %m");
+ FILE *fp = fdopen (fd, "a");
+ /* The fdopen call should have failed because it tried to use
+ SEEK_END. */
+ TEST_VERIFY (fp == NULL);
+ TEST_COMPARE (errno, EINVAL);
+ xclose (fd);
+ return 0;
+}
+
+#include <support/test-driver.c>

View File

@ -157,7 +157,7 @@ end \
Summary: The GNU libc libraries
Name: glibc
Version: %{glibcversion}
Release: 136%{?dist}
Release: 137%{?dist}
# In general, GPLv2+ is used by programs, LGPLv2+ is used for
# libraries.
@ -910,6 +910,9 @@ Patch671: glibc-RHEL-50662-4.patch
Patch672: glibc-RHEL-50662-5.patch
Patch673: glibc-RHEL-50662-6.patch
Patch674: glibc-RHEL-46724.patch
Patch675: glibc-RHEL-66253-1.patch
Patch676: glibc-RHEL-66253-2.patch
Patch677: glibc-RHEL-66253-3.patch
##############################################################################
# Continued list of core "glibc" package information:
@ -3069,6 +3072,9 @@ update_gconv_modules_cache ()
%endif
%changelog
* Thu Nov 7 2024 Florian Weimer <fweimer@redhat.com> - 2.34-137
- Fix memory leak after fdopen seek failure (RHEL-66253)
* Thu Nov 7 2024 Florian Weimer <fweimer@redhat.com> - 2.34-136
- Document rules for mixing stdio streams and file descriptors (RHEL-46724)