neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-iuh/+/37413?usp=email )
Change subject: fix memleak: free after aper_decode() also on error
fix memleak: free after aper_decode() also on error
It turns out that aper_decode() wants the caller to ASN_STRUCT_FREE() always, even when it returned != RC_OK.
When during a test I was feeding random data (a BSSMAP message) to ranap_cn_rx_co_decode2(), I ended up with ASAN indicating a memory leak:
```
pkt DEBUG packet.1 RANAP 01 00 03 05 18 01 (decode_iu.c:658)
tag ERROR Error in RANAP ASN.1 decode (ranap_common_cn.c:401)
tag ERROR Not calling cn_ranap_handle_co() due to rc=-1 (ranap_common_cn.c:428)
pkt ERROR packet.1 RANAP failed to decode RANAP data (decode_iu.c:668)

=================================================================
==1920572==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 208 byte(s) in 1 object(s) allocated from:
    #0 0x7f34520f3bc7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7f34526ccddd (/lib/x86_64-linux-gnu/libtalloc.so.2+0x5ddd) (BuildId: 75c550e5dc091c77e1159c52b284f34d0c4d92cd)

Indirect leak of 102 byte(s) in 1 object(s) allocated from:
    #0 0x7f34520f3bc7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7f34526ccddd (/lib/x86_64-linux-gnu/libtalloc.so.2+0x5ddd) (BuildId: 75c550e5dc091c77e1159c52b284f34d0c4d92cd)

SUMMARY: AddressSanitizer: 310 byte(s) leaked in 2 allocation(s).
```
With this patch, the leak is gone.
Change-Id: I03ed2376e520ec6dbcc2bae22f9291e211c7cca9
---
M src/ranap_common_cn.c
1 file changed, 43 insertions(+), 2 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-iuh refs/changes/13/37413/1
diff --git a/src/ranap_common_cn.c b/src/ranap_common_cn.c index 1a01bb0..26f9e69 100644 --- a/src/ranap_common_cn.c +++ b/src/ranap_common_cn.c @@ -399,13 +399,15 @@ dec_ret = aper_decode(NULL, &asn_DEF_RANAP_RANAP_PDU, (void **)&pdu, data, len, 0, 0); if (dec_ret.code != RC_OK) { LOGP(DRANAP, LOGL_ERROR, "Error in RANAP ASN.1 decode\n"); - return -1; + rc = -1; + goto error_free; }
message->direction = pdu->present;
rc = _cn_ranap_rx_co(pdu, message);
+error_free: ASN_STRUCT_FREE(asn_DEF_RANAP_RANAP_PDU, pdu);
return rc; @@ -645,13 +647,15 @@ dec_ret = aper_decode(NULL, &asn_DEF_RANAP_RANAP_PDU, (void **)&pdu, data, len, 0, 0); if (dec_ret.code != RC_OK) { LOGP(DRANAP, LOGL_ERROR, "Error in RANAP ASN.1 decode\n"); - return -1; + rc = -1; + goto error_free; }
message->direction = pdu->present;
rc = _cn_ranap_rx_cl(pdu, message);
+error_free: ASN_STRUCT_FREE(asn_DEF_RANAP_RANAP_PDU, pdu);
return rc;
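Review bot: In the first hunk (@@ -399), the new failure path jumps to `error_free:` and runs `ASN_STRUCT_FREE(asn_DEF_RANAP_RANAP_PDU, pdu)`, which is only safe if `pdu` is initialised to NULL before `aper_decode()` is called. The declaration is outside the visible context, so please confirm it: if the decoder fails before allocating anything, the free would otherwise act on an uninitialised pointer. The label is also reached on the success path after `_cn_ranap_rx_co()`, so a neutral name such as `out_free` would describe it better than `error_free`.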
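Review bot: The second hunk (@@ -645) repeats the first line for line with `_cn_ranap_rx_cl()` in place of `_cn_ranap_rx_co()`, and the reason for freeing after a failed decode is recorded only in the commit message. A short comment at `error_free:` saying that aper_decode() expects the caller to ASN_STRUCT_FREE() even when `dec_ret.code != RC_OK` would keep a later cleanup from restoring the early `return -1`. Since both functions now share the same decode, check and free sequence, consider moving it into one helper so the rule is enforced in a single place.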