Uploaded image for project: 'WiredTiger'
  1. WiredTiger
  2. WT-11093

Memory leaks in error paths realloc failure

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • 3
    • StorEng - Defined Pipeline

      Error paths src/utilities/util_load.c and src/utilities/util_load_json.c when assume when realloc fails (returns NULL) then any pre-existing allocated memory is freed.
      From util_load.c:

                  if ((tlist = util_realloc(list, (size_t)(max_entry += 100) * sizeof(char *))) == NULL) {
                ret = util_err(session, errno, NULL);

                /*
                 * List already freed by realloc, still use err label for consistency.
                 */
                list = NULL;
                goto err;
            }

      This is not the behavior of realloc, which may or may not free the memory if size==0 [C11 7.22.3.4]. As of C17 even this usage is deprecated, and as of C23 it is undefined.
      So in the error paths where pointer argument may not be NULL when realloc fails should explicitly free the pointer.

            Assignee:
            backlog-server-storage-engines [DO NOT USE] Backlog - Storage Engines Team
            Reporter:
            marc.butler@mongodb.com Marc Butler
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: