pespin has uploaded this change for review.

View Change

osmo_io: Fix msgb memleak if iofd is unregistered during write_cb with >1 io buffers

The msgbs are not allocated under the msghdr, hence if user unregistered
the iofd we need to manually free all remaining msgbs when freeing the
msghdr.

Change-Id: I579bc2142bba02947021c47d94bf2fe4f2040b01
---
M src/core/osmo_io.c
1 file changed, 11 insertions(+), 2 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/12/42412/1
diff --git a/src/core/osmo_io.c b/src/core/osmo_io.c
index 2a20405..ddf77ec 100644
--- a/src/core/osmo_io.c
+++ b/src/core/osmo_io.c
@@ -553,7 +553,7 @@
 
 			/* The user can unregister/close the iofd during callback above. */
 			if (!IOFD_FLAG_ISSET(iofd, IOFD_FLAG_FD_REGISTERED))
-				break;
+				goto free_remaining_idx;
 		}
 		iofd_msghdr_free(msghdr);
 		return;
@@ -606,9 +606,18 @@
 
 		/* The user can unregister/close the iofd during callback above. */
 		if (!IOFD_FLAG_ISSET(iofd, IOFD_FLAG_FD_REGISTERED))
-			break;
+			goto free_remaining_idx;
 	}
 	iofd_msghdr_free(msghdr);
+	return;
+
+free_remaining_idx:
+	for (idx = idx + 1; idx < msghdr->io_len; idx++) {
+		msgb_free(msghdr->msg[idx]);
+		msghdr->msg[idx] = NULL;
+	}
+	iofd_msghdr_free(msghdr);
+	return;
 }
 
 /* Public functions */

To view, visit change 42412. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: newchange
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Change-Id: I579bc2142bba02947021c47d94bf2fe4f2040b01
Gerrit-Change-Number: 42412
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <pespin@sysmocom.de>