afs: Fix memory leak in make_status_items().
authorAndre Noll <maan@tuebingen.mpg.de>
Tue, 2 Jan 2018 23:55:03 +0000 (00:55 +0100)
committerAndre Noll <maan@tuebingen.mpg.de>
Tue, 13 Mar 2018 02:28:10 +0000 (03:28 +0100)
The leak occurs when the second call to print_list_item() fails. In
this case we leak the memory pointed to by the lpr pointer. This patch
also streamlines the code a bit by introducing the free_status_items()
helper.

aft.c

diff --git a/aft.c b/aft.c
index 1234ee5..b863f22 100644 (file)
--- a/aft.c
+++ b/aft.c
@@ -978,6 +978,12 @@ out:
        WRITE_STATUS_ITEM(pb, SI_file_size, "%ld\n", statbuf.st_size / 1024);
 }
 
+static void free_status_items(void)
+{
+       freep(&status_items);
+       freep(&parser_friendly_status_items);
+}
+
 static int make_status_items(void)
 {
        const struct lls_command *cmd = SERVER_CMD_CMD_PTR(LS);
@@ -987,6 +993,7 @@ static int make_status_items(void)
        time_t current_time;
        int ret;
 
+       free_status_items();
        if (!status_item_ls_data.path) /* no audio file open */
                return 0;
        ret = lls_parse(ARRAY_SIZE(argv), argv, cmd, &opts.lpr, NULL);
@@ -996,23 +1003,20 @@ static int make_status_items(void)
        if (ret < 0)
                goto out;
        make_inode_status_items(&pb);
-       free(status_items);
        status_items = pb.buf;
 
        memset(&pb, 0, sizeof(pb));
        pb.max_size = shm_get_shmmax() - 1;
        pb.flags = PBF_SIZE_PREFIX;
        ret = print_list_item(&status_item_ls_data, &opts, &pb, current_time);
-       if (ret < 0) {
-               free(status_items);
-               status_items = NULL;
-               return ret;
-       }
+       if (ret < 0)
+               goto out;
        make_inode_status_items(&pb);
-       free(parser_friendly_status_items);
        parser_friendly_status_items = pb.buf;
        ret = 1;
 out:
+       if (ret < 0)
+               free_status_items();
        lls_free_parse_result(opts.lpr, cmd);
        return ret;
 }