From: Nick Mathewson <nickm@torproject.org>
Date: Sat, 24 Apr 2010 03:55:30 +0000 (-0400)
Subject: Fix a memory leak when unmarshalling RPC object arrays
X-Git-Tag: release-2.0.5-beta~35^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f6ab2a2811477547347b395789c0340c38603944;p=libevent

Fix a memory leak when unmarshalling RPC object arrays

The old code would use type_var_add() for its side-effect of expanding the
array, then leak the new object that was added to the array.

The new code adds a static function to handle the array resizing.
---

diff --git a/event_rpcgen.py b/event_rpcgen.py
index 9eb75762..05f0a362 100755
--- a/event_rpcgen.py
+++ b/event_rpcgen.py
@@ -1134,20 +1134,29 @@ class EntryArray(Entry):
             'msg->%(name)s_data[msg->%(name)s_length - 1]' % self.GetTranslation(),
             'value')
         code = [
+            'static int',
+            '%(parent_name)s_%(name)s_expand_to_hold_more('
+            'struct %(parent_name)s *msg)',
+            '{',
+            '  int tobe_allocated = msg->%(name)s_num_allocated;',
+            '  %(ctype)s* new_data = NULL;',
+            '  tobe_allocated = !tobe_allocated ? 1 : tobe_allocated << 1;',
+            '  new_data = (%(ctype)s*) realloc(msg->%(name)s_data,',
+            '      tobe_allocated * sizeof(%(ctype)s));',
+            '  if (new_data == NULL)',
+            '    return -1;',
+            '  msg->%(name)s_data = new_data;',
+            '  msg->%(name)s_num_allocated = tobe_allocated;',
+            '  return 0;'
+            '}',
+            '',
             '%(ctype)s %(optpointer)s',
             '%(parent_name)s_%(name)s_add('
             'struct %(parent_name)s *msg%(optaddarg)s)',
             '{',
             '  if (++msg->%(name)s_length >= msg->%(name)s_num_allocated) {',
-            '    int tobe_allocated = msg->%(name)s_num_allocated;',
-            '    %(ctype)s* new_data = NULL;',
-            '    tobe_allocated = !tobe_allocated ? 1 : tobe_allocated << 1;',
-            '    new_data = (%(ctype)s*) realloc(msg->%(name)s_data,',
-            '        tobe_allocated * sizeof(%(ctype)s));',
-            '    if (new_data == NULL)',
+            '    if (%(parent_name)s_%(name)s_expand_to_hold_more(msg)<0)',
             '      goto error;',
-            '    msg->%(name)s_data = new_data;',
-            '    msg->%(name)s_num_allocated = tobe_allocated;',
             '  }' ]
 
         code = TranslateList(code, self.GetTranslation())
@@ -1193,17 +1202,14 @@ class EntryArray(Entry):
                                           'buf' : buf,
                                           'tag' : tag_name,
                                           'init' : self._entry.GetInitializer()})
-        if self._optaddarg:
-            code = [
-                'if (%(parent_name)s_%(name)s_add(%(var)s, %(init)s) == NULL)',
-                '  return (-1);' ]
-        else:
-            code = [
-                'if (%(parent_name)s_%(name)s_add(%(var)s) == NULL)',
-                '  return (-1);' ]
+        code = [
+            'if (%(var)s->%(name)s_length >= %(var)s->%(name)s_num_allocated &&',
+            '    %(parent_name)s_%(name)s_expand_to_hold_more(%(var)s) < 0) {',
+            '  puts("HEY NOW");',
+            '  return (-1);',
+            '}']
 
         # the unmarshal code directly returns
-        code += [ '--%(var)s->%(name)s_length;' % translate ]
         code = TranslateList(code, translate)
 
         self._index = '%(var)s->%(name)s_length' % translate