NetBSD Problem Report #57095

From www@netbsd.org  Fri Dec  2 17:28:29 2022
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 27B601A921F
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  2 Dec 2022 17:28:29 +0000 (UTC)
Message-Id: <20221202172827.87EB21A923A@mollari.NetBSD.org>
Date: Fri,  2 Dec 2022 17:28:27 +0000 (UTC)
From: yileiyang@google.com
Reply-To: yileiyang@google.com
To: gnats-bugs@NetBSD.org
Subject: libedit's replace_history_entry function has a small memory leak
X-Send-Pr-Version: www-1.0

>Number:         57095
>Category:       lib
>Synopsis:       libedit's replace_history_entry function has a small memory leak
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Dec 02 17:30:00 +0000 2022
>Last-Modified:  Fri Dec 02 19:25:01 +0000 2022
>Originator:     Yilei Yang
>Release:        git hash c88d35a3adc2cdd8cb57d37d241a9e979b877581 at https://github.com/NetBSD/src
>Organization:
Google
>Environment:
>Description:
We have an internal build of CPython, and the new changes since Python 3.10 now detect a memory leak in the use of add_history + replace_history_entry here in an ASan build: https://github.com/python/cpython/blob/0563be23a557917228a8b48cbb31bda285a3a815/Modules/readline.c#L1225-L1233

Upon investigation, it appears that the following call in replace_history_entry:

https://github.com/NetBSD/src/blob/3de79feea1982eb1e10c0a3165625b0d0f4c5c32/lib/libedit/readline.c#L1609

copies the `ev.str`, but later `ev.str` is simply overridden by the H_REPLACE operation here:

https://github.com/NetBSD/src/blob/3de79feea1982eb1e10c0a3165625b0d0f4c5c32/lib/libedit/history.c#L1167

Thus the memory previously held by `ev.str` is leaked.
>How-To-Repeat:
I'm not sure how to easily build a CPython runtime in an ASan build that uses libedit, but the issue is exposed by these lines: https://github.com/python/cpython/blob/0563be23a557917228a8b48cbb31bda285a3a815/Modules/readline.c#L1225-L1233
>Fix:
Changing https://github.com/NetBSD/src/blob/3de79feea1982eb1e10c0a3165625b0d0f4c5c32/lib/libedit/readline.c#L1609 from

> he->line = strdup(ev.str);

to

> he->line = ev.str;

should fix the memory leak.

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57095 CVS commit: src/lib/libedit
Date: Fri, 2 Dec 2022 14:23:16 -0500

 Module Name:	src
 Committed By:	christos
 Date:		Fri Dec  2 19:23:16 UTC 2022

 Modified Files:
 	src/lib/libedit: readline.c

 Log Message:
 PR/57095: Yilei Yang: Change readline's replace_history_entry to not make a copy
 of the string to replace since H_REPLACE already makes a copy (fixes memory leak)


 To generate a diff of this commit:
 cvs rdiff -u -r1.177 -r1.178 src/lib/libedit/readline.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
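
The ownership mistake discussed in this report, reduced to a self-contained C model. This is an added example, not libedit or CPython code; `slot`, `slot_replace`, `replace_leaky`, `replace_fixed` and the tracking table are hypothetical names. It counts the allocations left unreachable when the old line is returned as a copy versus when the old pointer itself is handed to the caller.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model with hypothetical names; not libedit source. */
#define MAXLIVE 8
static char *live[MAXLIVE];   /* every allocation not yet freed */
static char *slot;            /* stands in for the history entry's ev.str */

static char *dup_tracked(const char *s) {
    int i = 0;
    while (i < MAXLIVE && live[i] != NULL) i++;
    if (i == MAXLIVE || (live[i] = malloc(strlen(s) + 1)) == NULL) return NULL;
    return strcpy(live[i], s);
}
static void free_tracked(char *p) {
    for (int i = 0; p != NULL && i < MAXLIVE; i++)
        if (live[i] == p) { free(p); live[i] = NULL; return; }
}
/* Models H_REPLACE per the report: stores its own copy, drops the old pointer. */
static int slot_replace(const char *line) {
    char *s = dup_tracked(line);
    if (s != NULL) slot = s;
    return s != NULL ? 0 : -1;
}
/* Before: return a copy of the old line; the original becomes unreachable. */
static char *replace_leaky(const char *line) {
    char *old = dup_tracked(slot);
    if (old != NULL && slot_replace(line) != 0) { free_tracked(old); old = NULL; }
    return old;
}
/* After: return the old pointer itself, so the caller now owns it. */
static char *replace_fixed(const char *line) {
    char *old = slot;
    return slot_replace(line) == 0 ? old : NULL;
}
/* Do one replace, free everything reachable, count what is left over. */
static int leaked_after(char *(*replace)(const char *)) {
    int n = 0;
    if ((slot = dup_tracked("first")) == NULL) return -1;
    free_tracked(replace("second"));   /* caller frees the returned line */
    free_tracked(slot);                /* teardown frees the current line */
    for (int i = 0; i < MAXLIVE; i++)  /* still tracked means leaked */
        if (live[i] != NULL) { n++; free_tracked(live[i]); }
    return n;
}
int main(void) {
    printf("before: %d leaked\n", leaked_after(replace_leaky));
    printf("after:  %d leaked\n", leaked_after(replace_fixed));
    return 0;
}
```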
