Bug #4850
open
File descriptor leak in tlicall()
Start date: 2014-05-05
Due date:
% Done: 0%
Estimated time:
Difficulty: Medium
Tags: needs-triage
Gerrit CR:
Description
There are two possible file descriptor leaks in tlicall().
Leak 1
Here is the source code:
489 	if (setjmp(Sjbuf)) {
490 		DEBUG(1, "t_open timeout\n%s", "");
491 		logent("t_open", "TIMEOUT");
492 		Uerror = SS_NO_DEVICE;
493 		return (FAIL);
494 	}
495 	(void) signal(SIGALRM, alarmtr);
496 	(void) alarm(5);
497 	fd = t_open(devname, O_RDWR, &tinfo);
498 	(void) alarm(0);
alarmtr() calls longjmp() to jump back to line 489.
If the alarm times out after the file is opened, but before alarm(0) is called, we will leak fd. In addition, we might also leak some memory allocated in t_open().
Leak 2
Later in tlicall() there is this code:
504 	if (fd_mklock(fd) != SUCCESS) {
505 		(void) t_close(fd);
506 		DEBUG(1, "tlicall: failed to lock device %s\n", devname);
507 		Uerror = SS_LOCKED_DEVICE;
508 		return (FAIL);
509 	}
510
511 	/* allocate tli structures */
512 	errno = t_errno = 0;
513 	/* LINTED pointer cast */
514 	if ((bind_ret = (struct t_bind *)t_alloc(fd, T_BIND, T_ALL)) == NULL ||
515 	    /* LINTED pointer cast */
516 	    (sndcall = (struct t_call *)t_alloc(fd, T_CALL, T_ALL)) == NULL ||
517 	    /* LINTED pointer cast */
518 	    (rcvcall = (struct t_call *)t_alloc(fd, T_CALL, T_ALL)) == NULL) {
519 		tfaillog(fd, "t_alloc");
520 		TFREE(bind_ret, T_BIND);
521 		TFREE(sndcall, T_CALL);
522 		TFREE(rcvcall, T_CALL);
523 		Uerror = SS_NO_DEVICE;
524 		return (FAIL);
525 	}
Both the fd_rmlock() and t_close() calls are missing before line 524.