From nobody@FreeBSD.org  Tue Oct  9 11:04:16 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 128352A3
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  9 Oct 2012 11:04:16 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id D4A198FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  9 Oct 2012 11:04:15 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.5/8.14.5) with ESMTP id q99B4F90021697
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 9 Oct 2012 11:04:15 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.5/8.14.5/Submit) id q99B4F51021696;
	Tue, 9 Oct 2012 11:04:15 GMT
	(envelope-from nobody)
Message-Id: <201210091104.q99B4F51021696@red.freebsd.org>
Date: Tue, 9 Oct 2012 11:04:15 GMT
From: Erik Cederstrand <erik@cederstrand.dk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Memory leak and allocator sizeof operand mismatch in umount
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         172553
>Category:       bin
>Synopsis:       [patch] unmount(8): Memory leak and allocator sizeof operand mismatch in umount
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    eadler
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 09 22:30:28 UTC 2012
>Closed-Date:    Mon Feb 04 00:40:19 UTC 2013
>Last-Modified:  Mon Feb 04 00:40:19 UTC 2013
>Originator:     Erik Cederstrand
>Release:        CURRENT
>Organization:
>Environment:
>Description:
This patch fixes several sources of memory leaks and an allocator sizeof operand mismatch in umount.

The fixes are based on the reports generated by Clang Static Analyzer: http://scan.freebsd.your.org/freebsd-head/sbin.umount/2012-10-03-amd64/

The attached patch fixes all analyzer warnings in umount.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: head/sbin/umount/umount.c
===================================================================
--- head/sbin/umount/umount.c	(revision 241370)
+++ head/sbin/umount/umount.c	(working copy)
@@ -359,8 +359,11 @@
 			do_rpc = 1;
 	}
 
-	if (!namematch(ai))
+	if (!namematch(ai)) {
+		if (orignfsdirname != NULL)
+			free(orignfsdirname);
 		return (1);
+	}
 	/* First try to unmount using the file system ID. */
 	snprintf(fsidbuf, sizeof(fsidbuf), "FSID:%d:%d", sfs->f_fsid.val[0],
 	    sfs->f_fsid.val[1]);
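
Review bot: The "if (orignfsdirname != NULL)" guard in the !namematch(ai) branch is unnecessary, because free(NULL) is defined by the C standard as a no-op. Calling free(orignfsdirname) unconditionally would let this branch stay a two-statement block, and the same applies to every other guarded free in this patch.
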
@@ -369,13 +372,18 @@
 		if (errno != ENOENT || sfs->f_fsid.val[0] != 0 ||
 		    sfs->f_fsid.val[1] != 0)
 			warn("unmount of %s failed", sfs->f_mntonname);
-		if (errno != ENOENT)
+		if (errno != ENOENT) {
+			if (orignfsdirname != NULL)
+				free(orignfsdirname);
 			return (1);
+		}
 		/* Compatibility for old kernels. */
 		if (sfs->f_fsid.val[0] != 0 || sfs->f_fsid.val[1] != 0)
 			warnx("retrying using path instead of file system ID");
 		if (unmount(sfs->f_mntonname, fflag) != 0) {
 			warn("unmount of %s failed", sfs->f_mntonname);
+			if (orignfsdirname != NULL)
+				free(orignfsdirname);
 			return (1);
 		}
 	}
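
Review bot: The same two-line cleanup is repeated on both early returns in this hunk (the "errno != ENOENT" return and the failed path-based unmount() return), which is the pattern that produced the original leak. Consider a single exit path instead: set a return value, "goto out", and free orignfsdirname once at the label, so that a return added later cannot skip the cleanup.
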
@@ -393,6 +401,8 @@
 		if (clp  == NULL) {
 			warnx("%s: %s", hostp,
 			    clnt_spcreateerror("MOUNTPROG"));
+			if (orignfsdirname != NULL)
+				free(orignfsdirname);
 			return (1);
 		}
 		clp->cl_auth = authsys_create_default();
@@ -403,6 +413,8 @@
 		if (clnt_stat != RPC_SUCCESS) {
 			warnx("%s: %s", hostp,
 			    clnt_sperror(clp, "RPCMNT_UMOUNT"));
+			if (orignfsdirname != NULL)
+				free(orignfsdirname);
 			return (1);
 		}
 		/*
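
Review bot: The "clnt_stat != RPC_SUCCESS" return now frees orignfsdirname but still leaves clp and clp->cl_auth allocated. The context lines show clp->cl_auth = authsys_create_default() before this point, and auth_destroy(clp->cl_auth) / clnt_destroy(clp) only on the success path. If the goal is to clear all leaks on the error returns, this branch should destroy both before returning.
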
@@ -415,10 +427,11 @@
 				    hostp, nfsdirname);
 			free_mtab();
 		}
-		free(orignfsdirname);
 		auth_destroy(clp->cl_auth);
 		clnt_destroy(clp);
 	}
+	if (orignfsdirname != NULL)
+		free(orignfsdirname);
 	return (0);
 }
 
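
Review bot: Moving the free out of the RPC block to just before "return (0)" is only safe if orignfsdirname is initialised to NULL at its declaration, which is not visible in this patch. On paths where it is never assigned, the "!= NULL" test would otherwise read an indeterminate pointer. Please confirm the initialiser, or add it in this change.
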
@@ -436,7 +449,7 @@
 			return (NULL);
 	}
 	if (mntcheck == NULL) {
-		if ((mntcheck = calloc(mntsize + 1, sizeof(int))) == NULL)
+		if ((mntcheck = calloc(mntsize + 1, sizeof(char))) == NULL)
 			err(1, "calloc");
 	}
 	/*
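
Review bot: In the calloc() call for mntcheck, sizeof(char) silences the analyzer but hard-codes the element type a second time, so the mismatch can return if the declaration changes. Writing the element size as sizeof(*mntcheck) ties it to the pointer's declared type. The declaration of mntcheck is not part of this hunk, so it is worth checking that it really is a char pointer.
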

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->eadler 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Mon Oct 15 02:53:58 UTC 2012 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=172553 
State-Changed-From-To: open->feedback 
State-Changed-By: eadler 
State-Changed-When: Fri Nov 9 01:35:58 UTC 2012 
State-Changed-Why:  
please see mail I sent 

State-Changed-From-To: feedback->patched 
State-Changed-By: eadler 
State-Changed-When: Thu Nov 15 18:35:22 UTC 2012 
State-Changed-Why:  
committed 

State-Changed-From-To: patched->closed 
State-Changed-By: eadler 
State-Changed-When: Mon Feb 4 00:40:18 UTC 2013 
State-Changed-Why:  
MFCed/fixed by now or it will never be MFCed 

>Unformatted:
