kconfig: Fix expr_free() E_NOT leak
authorUlf Magnusson <ulfalizer@gmail.com>
Sun, 8 Oct 2017 17:35:45 +0000 (19:35 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 26 Apr 2018 09:02:08 +0000 (11:02 +0200)
[ Upstream commit 5b1374b3b3c2fc4f63a398adfa446fb8eff791a4 ]

Only the E_NOT operand and not the E_NOT node itself was freed, due to
accidentally returning too early in expr_free(). Outline of leak:

switch (e->type) {
...
case E_NOT:
expr_free(e->left.expr);
return;
...
}
*Never reached, 'e' leaked*
free(e);

Fix by changing the 'return' to a 'break'.

Summary from Valgrind on 'menuconfig' (ARCH=x86) before the fix:

LEAK SUMMARY:
   definitely lost: 44,448 bytes in 1,852 blocks
   ...

Summary after the fix:

LEAK SUMMARY:
   definitely lost: 1,608 bytes in 67 blocks
   ...

Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
scripts/kconfig/expr.c

index cbf4996dd9c1045ecc7ffa66a9ec79edd99b1038..ed29bad1f03a3cf33097332fc67940b15154b2b4 100644 (file)
@@ -113,7 +113,7 @@ void expr_free(struct expr *e)
                break;
        case E_NOT:
                expr_free(e->left.expr);
-               return;
+               break;
        case E_EQUAL:
        case E_GEQ:
        case E_GTH: