[vbox-dev] Bug report (major, resource leak)
TwoThe
twothe at web.de
Fri Apr 30 16:49:31 PDT 2010
Type: Bug
Severity: major, resource leak
Component: VirtualBox OSE
Host: Ubuntu 64
In file src/VBox/Additions/linux/sharedfolders/mount.vboxsf.c:
 393     iconv_t cd;
 394
#395     cd = iconv_open ("UTF-8", in_codeset);
 396     if (cd == (iconv_t) -1)
 397     {
 398         panic_err ("could not convert share name, iconv_open `%s' failed",
 399                    in_codeset);
 400     }
 401
 402     while (ib)
 403     {
 404         size_t c = iconv (cd, &i, &ib, &o, &ob);
 405         if (c == (size_t) -1)
 406         {
 407             panic_err ("could not convert share name(%s) at %d",
 408                        host_name, (int)(strlen (host_name) - ib));
 409         }
 410     }
 411     *o = 0;
 412 }
In line 395 iconv_open will acquire memory that is never freed.
In file vbox/src/libs/xpcom18a4/nsprpub/pr/src/threads/prcmon.c:
#136         p = (MonitorCacheEntry*)
 137             PR_REALLOC(new_entries, added * sizeof(MonitorCacheEntry));
 138         if (p == 0) {
 139             /*
 140             ** Total lossage. We just leaked a bunch of system monitors
 141             ** all over the floor. This should never ever happen.
 142             */
 143             PR_ASSERT(p != 0);
 144             return PR_FAILURE;
 145         }
 146     }
 147
 148     /*
 149     ** Now that we have allocated all of the system monitors, build up
 150     ** the new free list. We can just update the free_list because we own
 151     ** the mcache-lock and we aren't calling anyone who might want to use
 152     ** it.
 153     */
!154     for (i = 0, p = new_entries; i < added - 1; i++, p++)
In line 136 memory is allocated and assigned to p. In line 154 the value of p is overwritten and the memory pointed to before is never freed.
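
An added example, not part of the original post and not VirtualBox code: a conversion helper in the shape of the mount.vboxsf.c loop quoted above that pairs iconv_open with iconv_close on every exit path. The function name convert_to_utf8, its signature and its return-code convention are assumptions made for illustration; it reports errors to the caller instead of calling panic_err.

```c
#include <errno.h>
#include <iconv.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (name and signature are assumptions, not VirtualBox code).
 * Converts the NUL-terminated string `in` from `in_codeset` to UTF-8 in `out`,
 * which has room for out_len bytes including the terminating NUL.
 * Returns 0 on success, -1 on failure with errno as set by iconv. */
int convert_to_utf8(const char *in_codeset, const char *in,
                    char *out, size_t out_len)
{
    iconv_t cd;
    char *i = (char *)in;      /* iconv() takes char ** but only reads the input */
    char *o = out;
    size_t ib = strlen(in);
    size_t ob;
    int rc = 0;
    int saved_errno;

    if (out_len == 0) {
        errno = E2BIG;
        return -1;
    }
    ob = out_len - 1;          /* keep one byte for the terminating NUL */

    cd = iconv_open("UTF-8", in_codeset);
    if (cd == (iconv_t)-1)
        return -1;             /* no descriptor was acquired, nothing to release */

    while (ib) {
        if (iconv(cd, &i, &ib, &o, &ob) == (size_t)-1) {
            rc = -1;           /* EILSEQ, EINVAL or E2BIG: leave the loop, do not exit */
            break;
        }
    }
    *o = 0;

    saved_errno = errno;       /* iconv_close() may overwrite errno */
    iconv_close(cd);           /* single release point for success and failure */
    errno = saved_errno;
    return rc;
}
```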