deadmenace / mongoose

Automatically exported from code.google.com/p/mongoose
MIT License

Memory leak when removing a callback function #151

Closed: GoogleCodeExporter closed this issue 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Register a URI callback function for a page "b.htm" by calling 
mg_set_uri_callback( ctx, "/b.htm", func, NULL )
2. Unregister the URI callback function for that page by calling 
mg_set_uri_callback( ctx, "/b.htm", NULL, NULL )
3. Stop the server by calling mg_stop( ctx )

What is the expected output? What do you see instead?
An analysis tool may show that memory has leaked.  I haven't tried this - I 
just noticed the (possible) problem by code inspection.

What version of the product are you using? On what operating system?
mongoose v2.8, running on Windows Vista Business, Service Pack 2

Please provide any additional information below.
I believe the problem is that the cb->uri_regex buffer is not freed in the 
remove_callback() function before the pointer is overwritten by the memmove() 
call.  Here is the current code starting at line 2935:

    for (i = 0; i < ctx->num_callbacks; i++) {
        cb = ctx->callbacks + i;
        if ((uri_regex != NULL && cb->uri_regex != NULL &&
            ((is_auth && cb->is_auth) || (!is_auth && !cb->is_auth)) &&
            !strcmp(uri_regex, cb->uri_regex)) || (uri_regex == NULL &&
             (cb->status_code == 0 ||
              cb->status_code == status_code))) {
            (void) memmove(cb, cb + 1,
                (char *) (ctx->callbacks + ctx->num_callbacks) -
                (char *) (cb + 1));
            break;
        }
    }

I believe an if-statement that checks cb->uri_regex and frees it if it is 
non-null (as done in mg_fini()) should be added prior to the memmove() call on 
line 2942:

    for (i = 0; i < ctx->num_callbacks; i++) {
        cb = ctx->callbacks + i;
        if ((uri_regex != NULL && cb->uri_regex != NULL &&
            ((is_auth && cb->is_auth) || (!is_auth && !cb->is_auth)) &&
            !strcmp(uri_regex, cb->uri_regex)) || (uri_regex == NULL &&
             (cb->status_code == 0 ||
              cb->status_code == status_code))) {
            if (cb->uri_regex != NULL)
                free(cb->uri_regex);
            (void) memmove(cb, cb + 1,
                (char *) (ctx->callbacks + ctx->num_callbacks) -
                (char *) (cb + 1));
            break;
        }
    }

(See also issue #150 regarding another bug in the same function.)

PS. Thanks for writing mongoose!  I really appreciate your efforts!

Original issue reported on code.google.com by AdrianLo...@comcast.net on 11 Jun 2010 at 2:04
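
The pattern described in the report above, as an added example that is not part of the original issue or of mongoose's source: a simplified callback table with an allocation counter, comparing removal without and with the `free()` before `memmove()`. The struct layout, `MAX_CB`, `live_allocs` and all function names are assumptions made for this model.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a callback table; not mongoose source, names are assumed. */
#define MAX_CB 8
struct callback { char *uri_regex; int status_code; };
struct table { struct callback callbacks[MAX_CB]; int num_callbacks; };
static int live_allocs;                 /* strings allocated and not yet freed */

static void free_tracked(char *p) { if (p != NULL) { free(p); live_allocs--; } }
static int add_cb(struct table *t, const char *uri) {
    char *copy = t->num_callbacks < MAX_CB ? malloc(strlen(uri) + 1) : NULL;
    if (copy == NULL) return -1;
    strcpy(copy, uri);
    live_allocs++;
    t->callbacks[t->num_callbacks++].uri_regex = copy;
    return 0;
}
/* free_first == 0 models the reported code, free_first == 1 the proposed fix. */
static int remove_cb(struct table *t, const char *uri, int free_first) {
    for (int i = 0; i < t->num_callbacks; i++) {
        struct callback *cb = t->callbacks + i;
        if (cb->uri_regex == NULL || strcmp(uri, cb->uri_regex) != 0) continue;
        if (free_first) free_tracked(cb->uri_regex);  /* release before overwrite */
        memmove(cb, cb + 1, (size_t)((char *)(t->callbacks + t->num_callbacks) - (char *)(cb + 1)));
        t->num_callbacks--;             /* the model's own bookkeeping */
        return 1;
    }
    return 0;
}
static void fini(struct table *t) {     /* teardown frees what the table still holds */
    while (t->num_callbacks > 0) free_tracked(t->callbacks[--t->num_callbacks].uri_regex);
}
/* Register two URIs, remove the first, tear down; returns strings never freed. */
static int leaked_after_cycle(int free_first) {
    struct table t = {0};
    live_allocs = 0;
    if (add_cb(&t, "/a.htm") != 0 || add_cb(&t, "/b.htm") != 0) return -1;
    char *first = t.callbacks[0].uri_regex;   /* kept only so the demo can clean up */
    remove_cb(&t, "/a.htm", free_first);
    fini(&t);
    int leaked = live_allocs;
    if (!free_first) free(first);       /* the real code has no such saved pointer */
    return leaked;
}
int main(void) {
    printf("leaked strings: reported=%d fixed=%d\n", leaked_after_cycle(0), leaked_after_cycle(1));
    return 0;
}
```

Without the free, teardown can only release the entries still in the table, so the removed entry's string is unreachable; in a long-running server that registers and unregisters callbacks repeatedly, each cycle loses one such buffer.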

GoogleCodeExporter commented 9 years ago
This is obsolete now.

Original comment by valenok on 23 Aug 2010 at 8:51