segtree: memleaks in interval_map_decompose()

mpz_init_bitmask() overrides the existing memory area: ==19179== 8 bytes in 1 blocks are definitely lost in loss record 1 of 1 ==19179== at 0x483577F: malloc (vg_replace_malloc.c:299) ==19179== by 0x489C718: xmalloc (utils.c:36) ==19179== by 0x4B825C5: __gmpz_init2 (in /usr/lib/x86_64-linux-g nu/libgmp.so.10.3.2) f ==19179== by 0x4880239: constant_expr_alloc (expression.c:400) ==19179== by 0x489B8A1: interval_map_decompose (segtree.c:1098) ==19179== by 0x489017D: netlink_list_setelems (netlink.c:1220) ==19179== by 0x48779AC: cache_init_objects (rule.c:170) 5 ==19179== by 0x48779AC: cache_init (rule.c:228) ==19179== by 0x48779AC: cache_update (rule.c:279) ==19179== by 0x48A21AE: nft_evaluate (libnftables.c:406) left-hand side of the interval is leaked when building the range: ==25835== 368 (128 direct, 240 indirect) bytes in 1 blocks are definitely lost in loss record 5 of 5 ==25835== at 0x483577F: malloc (vg_replace_malloc.c:299) ==25835== by 0x489B628: xmalloc (utils.c:36) ==25835== by 0x489B6F8: xzalloc (utils.c:65) ==25835== by 0x487E176: expr_alloc (expression.c:45) ==25835== by 0x487F960: mapping_expr_alloc (expression.c:1149) ==25835== by 0x488EC84: netlink_delinearize_setelem (netlink.c:1166) ==25835== by 0x4DC6928: nftnl_set_elem_foreach (set_elem.c:725) ==25835== by 0x488F0D5: netlink_list_setelems (netlink.c:1215) ==25835== by 0x487695C: cache_init_objects (rule.c:170) ==25835== by 0x487695C: cache_init (rule.c:228) ==25835== by 0x487695C: cache_update (rule.c:279) ==25835== by 0x48A10BE: nft_evaluate (libnftables.c:406) ==25835== by 0x48A19B6: nft_run_cmd_from_buffer (libnftables.c:451) ==25835== by 0x10A8E1: main (main.c:487) Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2020-08-04 22:12:12 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2020-08-05 11:28:49 +0200
commit: 455709effa095c6e986385974a0cf702dad8491c (patch)
tree: 4e1eb5e9b92dfd98fadb41b357cf49a7ed76c9cf /src/segtree.c
parent: 80140a4c4f661a2881a41dc57b4baa3e45f12b55 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/src/segtree.c b/src/segtree.c
index a9b4b1bd..3a641bc5 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -1097,16 +1097,20 @@ void interval_map_decompose(struct expr *set)
 
 	i = constant_expr_alloc(&low->location, low->dtype,
 				low->byteorder, expr_value(low)->len, NULL);
-	mpz_init_bitmask(i->value, i->len);
+	mpz_bitmask(i->value, i->len);
 
 	if (!mpz_cmp(i->value, expr_value(low)->value)) {
 		expr_free(i);
 		i = low;
 	} else {
-		i = range_expr_alloc(&low->location, expr_value(low), i);
+		i = range_expr_alloc(&low->location,
+				     expr_clone(expr_value(low)), i);
 		i = set_elem_expr_alloc(&low->location, i);
 		if (low->etype == EXPR_MAPPING)
-			i = mapping_expr_alloc(&i->location, i, low->right);
+			i = mapping_expr_alloc(&i->location, i,
+					       expr_clone(low->right));
+
+		expr_free(low);
 	}
 
 	compound_expr_add(set, i);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2020-08-04 22:12:12 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2020-08-05 11:28:49 +0200
commit	455709effa095c6e986385974a0cf702dad8491c (patch)
tree	4e1eb5e9b92dfd98fadb41b357cf49a7ed76c9cf /src/segtree.c
parent	80140a4c4f661a2881a41dc57b4baa3e45f12b55 (diff)