Posted to dev@thrift.apache.org by "kuldeep gupta (JIRA)" <ji...@apache.org> on 2013/08/03 12:49:48 UTC

[jira] [Updated] (THRIFT-2018) Resource Leak in TBufferTransports in cpp library of thrift 0.9.0

     [ https://issues.apache.org/jira/browse/THRIFT-2018?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

kuldeep gupta updated THRIFT-2018:
----------------------------------

    Patch Info: Patch Available
    
> Resource Leak in TBufferTransports in cpp library of thrift 0.9.0
> -----------------------------------------------------------------
>
>                 Key: THRIFT-2018
>                 URL: https://issues.apache.org/jira/browse/THRIFT-2018
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9
>         Environment: thrift 0.9.0 on Linux 2.6.32-220.el6.x86_64
>            Reporter: kuldeep gupta
>
> In file lib/cpp/src/thrift/transport/TBufferTransports.cpp
> void TMemoryBuffer::ensureCanWrite(uint32_t len) {
>  333   // Check available space
>  334   uint32_t avail = available_write();
>  335   if (len <= avail) {
>  336     return;
>  337   }
>  338 
>  339   if (!owner_) {
>  340     throw TTransportException("Insufficient space in external MemoryBuffer");
>  341   }
>  342 
>  343   // Grow the buffer as necessary.
>  344   uint32_t new_size = bufferSize_;
>  345   while (len > avail) {
>  346     new_size = new_size > 0 ? new_size * 2 : 1;
>  347     avail = available_write() + (new_size - bufferSize_);
>  348   }
>  349 
>  350   // Allocate into a new pointer so we don't bork ours if it fails.
>  351   void* new_buffer = std::realloc(buffer_, new_size);
>  352   if (new_buffer == NULL) {
>  353     throw std::bad_alloc();
>  354   }
>  355   bufferSize_ = new_size;
>  356 
>  357   ptrdiff_t offset = (uint8_t*)new_buffer - buffer_;
>  358   buffer_ += offset;
>  359   rBase_ += offset;
>  360   rBound_ += offset;
>  361   wBase_ += offset;
>  362   wBound_ = buffer_ + bufferSize_;
>  363 }
> In the above code, at line number 351:
> 1. Storage is returned from allocation function "realloc(void *, size_t)".
> 2. Assigning: "new_buffer" = storage returned from "realloc(this->buffer_, new_size)".
> 3. At line number 363, variable "new_buffer" going out of scope leaks the storage it points to.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
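
The ownership question raised in the report, as an added example that is not Thrift's code: a growable buffer that takes the result of realloc into a temporary and then stores it in the owning member, so the block is released by the destructor. The class GrowBuf, the counter g_live_blocks and the helper functions are hypothetical names, and the counter is constructed so that a leaked block would show up as a non-zero count after destruction.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <new>

static int g_live_blocks = 0;  // constructed counter: heap blocks currently owned
static void* counted_realloc(void* p, std::size_t n) {
  void* q = std::realloc(p, n);
  if (q != nullptr && p == nullptr) ++g_live_blocks;  // a resize keeps the count
  return q;
}

class GrowBuf {  // hypothetical stand-in for an owning, growable memory buffer
 public:
  GrowBuf() = default;
  GrowBuf(const GrowBuf&) = delete;  // one owner only, so no double free
  GrowBuf& operator=(const GrowBuf&) = delete;
  ~GrowBuf() { if (buffer_) { std::free(buffer_); --g_live_blocks; } }

  void write(const void* src, std::size_t len) {
    if (len == 0) return;
    ensureCanWrite(len);
    std::memcpy(buffer_ + wOff_, src, len);
    wOff_ += len;
  }
  std::size_t capacity() const { return bufferSize_; }
  const uint8_t* data() const { return buffer_; }

 private:
  void ensureCanWrite(std::size_t len) {
    if (len <= bufferSize_ - wOff_) return;
    std::size_t new_size = bufferSize_;
    while (new_size - wOff_ < len) new_size = new_size > 0 ? new_size * 2 : 1;
    // realloc into a temporary: on failure buffer_ still owns the old block.
    void* new_buffer = counted_realloc(buffer_, new_size);
    if (new_buffer == nullptr) throw std::bad_alloc();
    buffer_ = static_cast<uint8_t*>(new_buffer);  // the member now owns the block
    bufferSize_ = new_size;
  }
  uint8_t* buffer_ = nullptr;
  std::size_t bufferSize_ = 0, wOff_ = 0;
};

// Constructed check: grow through several reallocs, return blocks owned meanwhile.
int live_blocks_while_growing() {
  GrowBuf b;
  const char chunk[100] = {'x'};
  for (int i = 0; i < 10; ++i) b.write(chunk, sizeof chunk);
  return (b.capacity() == 1024 && b.data()[900] == 'x') ? g_live_blocks : -1;
}
```

Keeping the read and write positions as offsets rather than pointers means nothing has to be recomputed from the old address after realloc moves the block.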