From c6a1eb1c372f809bd7fdd827c72e6cc22268d358 Mon Sep 17 00:00:00 2001
From: Jacques de Laval
Date: Tue, 22 Nov 2022 15:58:10 +0100
Subject: [PATCH] Fix memory leak in join handler
The timer for deleting a group entry has associated data allocated on the heap. This data must be freed not only when the timer times out, but also when receiving a new join for the same group in which case we replace the currently active timer.
Signed-off-by: Jacques de Laval
---
 src/iface.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/iface.c b/src/iface.c
index 8f21802..0af777a 100644
--- a/src/iface.c
+++ b/src/iface.c
@@ -954,7 +954,7 @@ static void delete_group_cb(int timeout, void *arg)
 ifi = config_find_iface(cbk->ifindex);
 if (!ifi)
- goto done;
+ return;
 logit(LOG_DEBUG, 0, "Group membership timeout for %s on %s",
 inet_fmt(cbk->g->al_addr, s1, sizeof(s1)), ifi->ifi_name);
@@ -969,8 +969,6 @@ static void delete_group_cb(int timeout, void *arg)
 TAILQ_REMOVE(&ifi->ifi_groups, g, al_link);
 free(g);
- done:
- free(cbk);
 }
 /*
@@ -979,7 +977,9 @@ static void delete_group_cb(int timeout, void *arg)
 static int delete_group_timer(int ifindex, struct listaddr *g, int tmo)
 {
 cbk_t *cbk;
+ int tid;
+ /* cbk is freed as a side effect of pev_timer_del (via the deletion cb) */
 cbk = calloc(1, sizeof(cbk_t));
 if (!cbk) {
 logit(LOG_ERR, errno, "%s(): Failed allocating memory", __func__);
@@ -992,7 +992,10 @@ static int delete_group_timer(int ifindex, struct listaddr *g, int tmo)
 /* Record mtime for IPC "show igmp" */
 // g->al_mtime = virtual_time;
- return pev_timer_add(tmo * 1000000, 0, delete_group_cb, cbk);
+ tid = pev_timer_add(tmo * 1000000, 0, delete_group_cb, cbk);
+ pev_timer_set_cb_del(tid, free);
+ return tid;
 }
 /*
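Review bot: In the `@@ -969,8 +969,6 @@` hunk (and the matching `goto done` to `return` change in the first hunk), delete_group_cb no longer frees `cbk` on any path. The ordinary timeout path therefore depends on the timer library invoking the deletion callback once a one-shot timer has fired, and on it doing so only after this callback has finished reading `cbk->g` and `cbk->ifindex`. Neither guarantee is visible in this patch, so both are worth confirming against the pev implementation. A comment at the top of the function would record the contract for the next maintainer, for example `/* cbk is owned by the timer and released by its deletion cb; never free it here */`. The function body starts outside the hunk.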
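Review bot: In the last hunk (`@@ -992,7 +992,10 @@`), `tid` is passed to `pev_timer_set_cb_del()` without checking whether `pev_timer_add()` succeeded. On failure no timer owns `cbk`, so the allocation leaks, and the deletion callback is registered against an invalid id. Assuming pev_timer_add() reports failure with a negative return (not shown here), a guard between the two calls keeps ownership unambiguous: `if (tid < 0) { free(cbk); return tid; }`. The return value of `pev_timer_set_cb_del()` is also ignored; if it can fail, `cbk` is again left without an owner. The new comment above `calloc()` would read better next to the `pev_timer_set_cb_del()` call it describes.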