From 3e1d8d1d1dca24ae90df2ea826a8916896fc7e77 Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Tue, 13 Aug 2024 21:08:49 -0400 Subject: ungetc: Fix backup buffer leak on program exit [BZ #27821] If a file descriptor is left unclosed and is cleaned up by _IO_cleanup on exit, its backup buffer remains unfreed, registering as a leak in valgrind. This is not strictly an issue since (1) the program should ideally be closing the stream once it's not in use and (2) the program is about to exit anyway, so keeping the backup buffer around a wee bit longer isn't a real problem. Free it anyway to keep valgrind happy when the streams in question are the standard ones, i.e. stdout, stdin or stderr. Also, the _IO_have_backup macro checks for _IO_save_base, which is a roundabout way to check for a backup buffer instead of directly looking for _IO_backup_base. The roundabout check breaks when the main get area has not been used and user pushes a char into the backup buffer with ungetc. Fix this to use the _IO_backup_base directly. Signed-off-by: Siddhesh Poyarekar Reviewed-by: Carlos O'Donell --- libio/genops.c | 6 ++++++ libio/libioP.h | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'libio') diff --git a/libio/genops.c b/libio/genops.c index b012fa33d2..35d8b30710 100644 --- a/libio/genops.c +++ b/libio/genops.c @@ -816,6 +816,12 @@ _IO_unbuffer_all (void) legacy = 1; #endif + /* Free up the backup area if it was ever allocated. */ + if (_IO_have_backup (fp)) + _IO_free_backup_area (fp); + if (fp->_mode > 0 && _IO_have_wbackup (fp)) + _IO_free_wbackup_area (fp); + if (! (fp->_flags & _IO_UNBUFFERED) /* Iff stream is un-orientated, it wasn't used. */ && (legacy || fp->_mode != 0)) diff --git a/libio/libioP.h b/libio/libioP.h index 1af287b19f..616253fcd0 100644 --- a/libio/libioP.h +++ b/libio/libioP.h @@ -577,8 +577,8 @@ extern void _IO_old_init (FILE *fp, int flags) __THROW; ((__fp)->_wide_data->_IO_write_base \ = (__fp)->_wide_data->_IO_write_ptr = __p, \ (__fp)->_wide_data->_IO_write_end = (__ep)) -#define _IO_have_backup(fp) ((fp)->_IO_save_base != NULL) -#define _IO_have_wbackup(fp) ((fp)->_wide_data->_IO_save_base != NULL) +#define _IO_have_backup(fp) ((fp)->_IO_backup_base != NULL) +#define _IO_have_wbackup(fp) ((fp)->_wide_data->_IO_backup_base != NULL) #define _IO_in_backup(fp) ((fp)->_flags & _IO_IN_BACKUP) #define _IO_have_markers(fp) ((fp)->_markers != NULL) #define _IO_blen(fp) ((fp)->_IO_buf_end - (fp)->_IO_buf_base) -- cgit v1.2.3