neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-iuh/+/37413?usp=email )
Change subject: fix memleak: free after aper_decode() also on error
......................................................................
fix memleak: free after aper_decode() also on error
It turns out that aper_decode() wants the caller to ASN_STRUCT_FREE()
always, even when it returned != RC_OK.
When during a test I was feeding random data (a BSSMAP message) to
ranap_cn_rx_co_decode2(), I ended up with ASAN indicating a memory leak:
```
pkt DEBUG packet.1 RANAP 01 00 03 05 18 01 (decode_iu.c:658)
tag ERROR Error in RANAP ASN.1 decode (ranap_common_cn.c:401)
tag ERROR Not calling cn_ranap_handle_co() due to rc=-1 (ranap_common_cn.c:428)
pkt ERROR packet.1 RANAP failed to decode RANAP data (decode_iu.c:668)
=================================================================
==1920572==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 208 byte(s) in 1 object(s) allocated from:
    #0 0x7f34520f3bc7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7f34526ccddd (/lib/x86_64-linux-gnu/libtalloc.so.2+0x5ddd) (BuildId: 75c550e5dc091c77e1159c52b284f34d0c4d92cd)
Indirect leak of 102 byte(s) in 1 object(s) allocated from:
    #0 0x7f34520f3bc7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7f34526ccddd (/lib/x86_64-linux-gnu/libtalloc.so.2+0x5ddd) (BuildId: 75c550e5dc091c77e1159c52b284f34d0c4d92cd)
SUMMARY: AddressSanitizer: 310 byte(s) leaked in 2 allocation(s).
```
With this patch, the leak is gone.
Change-Id: I03ed2376e520ec6dbcc2bae22f9291e211c7cca9
---
M src/ranap_common_cn.c
1 file changed, 43 insertions(+), 2 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-iuh refs/changes/13/37413/1
diff --git a/src/ranap_common_cn.c b/src/ranap_common_cn.c
index 1a01bb0..26f9e69 100644
--- a/src/ranap_common_cn.c
+++ b/src/ranap_common_cn.c
@@ -399,13 +399,15 @@
dec_ret = aper_decode(NULL, &asn_DEF_RANAP_RANAP_PDU, (void **)&pdu, data, len,
0, 0);
if (dec_ret.code != RC_OK) {
LOGP(DRANAP, LOGL_ERROR, "Error in RANAP ASN.1 decode\n");
- return -1;
+ rc = -1;
+ goto error_free;
}
message->direction = pdu->present;
rc = _cn_ranap_rx_co(pdu, message);
+error_free:
ASN_STRUCT_FREE(asn_DEF_RANAP_RANAP_PDU, pdu);
return rc;
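Review bot: the new `goto error_free` path hands `pdu` to ASN_STRUCT_FREE() after a failed aper_decode(), so `pdu` has to be NULL before the decode call, and its declaration is outside this hunk. If aper_decode() can return != RC_OK before it has allocated anything, an uninitialized `pdu` would now be freed, turning the leak into an invalid free. Please confirm the declaration initializes it to NULL, or add the initialization in this patch. A short comment above `error_free:` stating that aper_decode() requires the caller to free on failure as well would keep a later cleanup from reintroducing the early `return -1`.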
@@ -645,13 +647,15 @@
dec_ret = aper_decode(NULL, &asn_DEF_RANAP_RANAP_PDU, (void **)&pdu, data, len,
0, 0);
if (dec_ret.code != RC_OK) {
LOGP(DRANAP, LOGL_ERROR, "Error in RANAP ASN.1 decode\n");
- return -1;
+ rc = -1;
+ goto error_free;
}
message->direction = pdu->present;
rc = _cn_ranap_rx_cl(pdu, message);
+error_free:
ASN_STRUCT_FREE(asn_DEF_RANAP_RANAP_PDU, pdu);
return rc;
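Review bot: the label `error_free:` is also reached on the success path, right after `rc = _cn_ranap_rx_cl(pdu, message);`, so the name is misleading; a neutral name such as `out_free` would describe it better. The same NULL-initialization requirement for `pdu` applies here as in the hunk at -399. Apart from the `_cn_ranap_rx_co` / `_cn_ranap_rx_cl` call, this block duplicates that hunk, so a shared decode-and-free helper would keep the free-on-error rule in one place. The commit message reports the ASAN leak only for the connection-oriented path; a regression test feeding undecodable data through this connection-less path as well would cover both fixes. The diffstat lists 43 insertions while the two hunks shown here add three lines each, so any remaining hunks should be checked for the same early `return -1` after aper_decode().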
--
Gerrit-Project: osmo-iuh
Gerrit-Branch: master
Gerrit-Change-Id: I03ed2376e520ec6dbcc2bae22f9291e211c7cca9
Gerrit-Change-Number: 37413
Gerrit-PatchSet: 1
Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>
Gerrit-MessageType: newchange